Phishing emails

When I first started with my second client, I received an email my first week indicating that I needed to complete some compliance training. I didn't think twice about it because a) it looked legit to me and b) I had just started, and it would make sense that I would have some compliance training to complete. I clicked on the link and was taken to the company's website that chided me for clicking on the link, which was a test. It was an educational experience and a good reminder that we have to stay vigilant, especially as email phishing scams become much more nuanced and sophisticated.

Scottsdale, Arizona-based company GoDaddy had to issue a mea culpa recently due to the same practice of sending a fake phishing email to their employees. The issue is that the email sent to employees offered a Christmas bonus of $650 and asked them to fill out a form with personal details. Around 500 employees clicked on the link, and two days later they received another email indicating that it was a test and they failed. GoDaddy claims that it had previously communicated to employees that there would be no bonuses this year, but that didn't stop many people from expecting one after the bogus email went out.

I understand that GoDaddy was trying to entice employees to make a point about email scams, but this one was in poor taste. The company deserves public shaming for this cause célèbre.


Why do you feel this one was in poor taste? This seems like as high fidelity of phishing as one can get?
2020-12-29 17:09:50
It's certainly bad timing. I wouldn't want to work for a company that decides to pull a fake bonus on its employees around the holidays. 
2020-12-29 17:49:08
Mmm timing then. The number of people who fell for it though unnerves me. However I think this is inevitable at large corporations with lower intimacy in communication. This probably would never happen at a well-run <40 person SMB.
2020-12-30 01:19:45