094 90 48200    Get SUPPORT

Aniar IT Services Blog

How Not to Teach Your Team About Phishing, Courtesy of GoDaddy

How Not to Teach Your Team About Phishing, Courtesy of GoDaddy

GoDaddy—the domain registrar and web-hosting company once famed for its risqué advertisements—is facing some significant backlash for a much different reason. On December 14th, GoDaddy’s employees received an email that appeared to be from the company, promising a holiday bonus. However, while the email was from the company as it appeared to be, it was actually a phishing test that the hosting provider decided to run.

Let’s consider the situation:

GoDaddy’s Phishing Message:

When they checked their email on December 14th, GoDaddy’s employees found an email waiting for them in their inboxes, sent from “Happyholiday@Godaddy-dot-com”. Upon opening it, they found the following message, under a large picture of a snowflake emblazoned with the company’s name and “Holiday Party.” Get ready, it’s a doozy:

---

Happy Holiday GoDaddy!

2020 has been a record year for GoDaddy, thanks to you!

Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus! To ensure that you receive your one-time Bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.

US

EMEA

Any submittals after the cutoff will not be accepted and you will not receive the one-time bonus of $650 (free money, claim it now!)

We look forward to celebrating with you again, in person next year!

---

However, no bonus reportedly awaited the approximately 500 employees who excitedly clicked through the links. Instead, they received an email from the company’s security chief two days later, informing them that they had failed the phishing test and would therefore need to retake the company’s Security Awareness Social Engineering training.

As you can imagine, this did not sit well for many of these employees… especially considering that the “record year” GoDaddy experienced came only after hundreds of employees were either reassigned or laid off entirely. Combining that with the fact that a data breach ultimately exposed 28,000 of GoDaddy customers’ credentials earlier this year, and the comments seem especially ill-advised.

GoDaddy has since released an apology for their mean-spirited bait-and-switch phishing test, releasing a statement. According to a spokesperson, “GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized.” While the company felt that the lesson was an important one to impart to their team members, there has been some acknowledgement that this was an insensitive means of doing so.

GoDaddy Isn’t the Only Company to Do This

Other companies and organizations have used similar tactics as they have worked to evaluate their internal phishing preparedness. One example came in September, when Tribune Publishing sent out a company email trying to phish employees with the promise of a targeted bonus ranging somewhere between $5,000 and $10,000. The Tribune’s attempt was also derided by the employees affected by it, one reporter tweeting that the level of cruelty was “stunning.” That company also apologized for its use of a “misleading and insensitive” email.

However, Phishing Can’t Just Be Ignored

While these companies certainly took the wrong approach to educating their users, the point still stands that phishing is a very serious risk for businesses today to contend with.

Instead of taking this approach, there are other ways to help educate your team, through seminars or even other internal evaluations. The primary issue really came from the fact that GoDaddy took advantage of a monetary promise to their employees during a time when many people are already financially strapped, with seemingly no intention of giving them this bonus.

Obviously, this is a situation that nobody wants to find their organization in, just as nobody wants their organization to be phished. However, with Aniar IT Services, there are ways to prevent the latter. Give our team a call at 094 90 48200 to learn more about how we can help you fight back against phishing, without alienating your employees.

Why Is It Super Important to Keep Your Software Up...
Tip of the Week: Four Tips and Tricks Within the G...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, January 21 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.aniar.ie/

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Productivity Business Computing Cloud Google Efficiency Email Privacy User Tips Workplace Tips Network Security Internet Hosted Solutions IT Support Innovation Microsoft Data Software Communication Mobile Device Hackers Users Hardware VoIP Collaboration Data Backup Smartphones Business Small Business Phishing Data Recovery IT Services Managed IT Services Android Cybersecurity Network Mobile Devices Cloud Computing Computer Tech Term Smartphone Windows 10 Communications Managed Service Malware Gadgets Backup Miscellaneous Windows Outsourced IT Business Continuity Browser Saving Money Artificial Intelligence Passwords Internet of Things Upgrade Spam Business Management BDR Quick Tips Information Disaster Recovery Facebook Office 365 Save Money Chrome Social Media Server Covid-19 Holiday How To Router Automation Wi-Fi BYOD Microsoft Office Applications Computers Data Security Encryption Patch Management Paperless Office Mobile Office Data Storage Word Cybercrime Blockchain Operating System Apps Networking Windows 7 Government Settings Remote Work Virtualization Human Resources Infrastructure Telephone System Mobile Device Management Vendor Staff Ransomware Bandwidth History Remote Two-factor Authentication Vulnerability Display Data Protection Money HIPAA Data Breach Managed IT Connectivity Remote Monitoring CES Procurement Website OneNote Redundancy Voice over Internet Protocol Health Fraud Telephone Systems Unsupported Software Social Engineering Servers Content Management Avoiding Downtime Employee/Employer Relationship Managed Services Net Neutrality Keyboard Wireless VPN WiFi Password Comparison Spam Blocking Help Desk Machine Learning Compliance Digital Signage Google Docs Law Enforcement Processor Bring Your Own Device Cryptocurrency IT Management Software as a Service Augmented Reality Conferencing Training Telephony Vendor Management App Scam Hard Drive Business Intelligence Identity Theft Update Meetings Google Drive Botnet Office Audit Virtual Assistant Education Managed Services Provider Private Cloud IT Plan Sports Big Data Business Technology Access Control Managed IT services Cast Search Engine Travel Supply Chain Management Procedure Proactive IT Evernote Cleaning Cables Trend Micro Recycling Devices Tools Work/Life Balance SMS OLED Using Data Printers Public Cloud Password Management Social Frequently Asked Questions Recovery Batteries PCI DSS Sales Firewall Authentication Start Menu Remote Computing IT Assessment Bing Cache FinTech MSP Practices Sync Default App Multi-Factor Security Shopping Entertainment Warranty eWaste Thought Leadership Virtual Machine Millennials AI Computer Fan Employee Amazon Biometric Security Information Technology Data loss OneDrive Software Tips NIST Excel Virtual Private Network SharePoint Unified Threat Management Windows Server 2008 R2 HVAC Wireless Internet Apple File Sharing ISP Charger Hosted Computing IT Infrastructure Social Network Printer Legal Value Hypervisor Workforce FENG Amazon Web Services Accountants Flash Manufacturing Computing Cortana Alert Specifications Copiers Tip of the week Remote Workers End of Support Mobile Computing Password Manager Nanotechnology USB Peripheral Cryptomining Wireless Charging Inventory Investment Trending Printing YouTube Mouse Criminal Twitter Going Green 5G Google Search HaaS Virtual Reality Professional Services Smart Tech Development Solid State Drive Safe Mode Security Cameras Digital Signature Windows Server 2008 Managed IT Service Smart Office Business Mangement Windows 10s Shortcuts Electronic Medical Records Wire HBO Project Management Quick Tip The Internet of Things RMM Downtime Remote Worker Database Google Apps ROI Personal Hacker Screen Mirroring Microchip Addiction Saving Time Telecommuting Policy Save Time Online Shopping Cabling Fiber Optics Gmail Messaging Physical Security Smartwatch Credit Cards PDF Computer Care Employer-Employee Relationship Document Management Camera Enterprise Content Management Mobility Data Management Outlook Bitcoin Regulations Employees Root Cause Analysis Wiring Workers Skype GDPR Digitize Managing Stress Financial Customer Service Hard Drives Domains Search Windows 10 Public Speaking CrashOverride Presentation Lithium-ion battery Managed Service Provider Wireless Technology Regulation Tech Support Safety IBM Hiring/Firing Productivity Marketing Company Culture Fun Budget Emergency Personal Information Competition Customer Relationship Management IP Address