Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

GoDaddy Demonstrated How Not to Educate Users About Phishing

GoDaddy Demonstrated How Not to Educate Users About Phishing

While phishing awareness is an important practice to teach to a business’ employees, some methods are better than others, as GoDaddy—the domain registrar and web-hosting company notorious for its run of risqué ads—is learning the hard way. On December 14, GoDaddy’s employees received an email that seemed to be a holiday bonus from the company… only to find out (the hard way) that it was a phishing test that their employer had run.

Let’s review the chain of events:

The Message GoDaddy’s Employees Received

When the employees GoDaddy involved in their phishing test opened their email on December 14, a message from the address “Happyholiday@Godaddy-dot-com” awaited them. Below, we have replicated the message it contained, under a large, branded announcement of a “Holiday Party.”

I hope you’re sitting down:

---

Happy Holiday GoDaddy!

2020 has been a record year for GoDaddy, thanks to you!

Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus! To ensure that you receive your one-time Bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.

US

EMEA

Any submittals after the cutoff will not be accepted and you will not receive the one-time bonus of $650 (free money, claim it now!)

We look forward to celebrating with you again, in person next year!

---

I don’t know about you, but if that showed up in my email—just before the holiday season, during a year marred by a terrible pandemic, no less—I would be pretty excited.

However, no bonus was in store for the company’s 500 employees who clicked through the links. All they got was another email, two days later, from the company’s security chief. This was how these employees were informed that the email was nothing but a phishing test, and since they had failed, they would need to retake the company’s Security Awareness Social Engineering training.

Of course, this message did not land very well amongst many of these employees… and it certainly wasn’t helped, considering the “record year” that the email bragged about came after hundreds of employees were reassigned or completely laid off, and a data breach had exposed 28,000 GoDaddy customers’ data earlier in the year.

GoDaddy has since released a statement, apologizing for the poorly-thought-out phishing test. As a spokesperson for the company said:

“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized.”

Companies Other Than GoDaddy Have Made Similar Errors

GoDaddy is not the only company to stumble during their phishing evaluations. In September, Tribune Publishing sent out an internal phishing email offering targeted bonuses worth anywhere between $5,000 and $10,000. As with GoDaddy, this attempt saw backlash from employees, one reporter tweeting that the cruelty of it was “stunning.” As happened with GoDaddy, the company apologized for its “misleading and insensitive” email.

In Fairness, Phishing Should Be Highlighted…Just Not This Way

While these examples prove that there is definitely a wrong way to educate users about phishing, it must be said that phishing is a very real threat for businesses of all sizes today.

However, when you try to educate your users, we suggest using different tactics. Seminars and training sessions are great options, and practical evaluations are very effective (as long as you do it differently than GoDaddy). The main issue in GoDaddy’s case was that they took advantage of their employees, during a time when many were already under financial strain, running a test that offered them a sizable bonus when they seemed to have no intention of actually distributing it.

Naturally, nobody should hope that their organization offends its workforce, and nobody should hope that their organization falls victim to a phishing attack. Fortunately, Bardissi Enterprises can at least help you with the latter. Call our team at (215) 853-2266 to find out how we can help you address the complicated issue of phishing attacks.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 21 November 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...