GoDaddy 피싱 '테스트', 가짜 휴가 보너스로 직원을 조롱

newsroom 12/26 '20 posted 뉴스 IT

• 익명의 독자가 보고서를 공유합니다 (대체 출처) : "2020 년은 GoDaddy의 기록적인 해였습니다. 덕분에!"

• 수백 명의 GoDaddy 직원에게 보내는 14 개의 이메일은 스트레스가 많은 한 해 동안 환영할 만한 재정적 구제를 약속했습니다.

• 하지만 이틀 후 회사는 또 다른 이메일을 보냈습니다.

• "보안 인식 사회 공학 교육을 다시 받아야합니다."

• 이 회사의 보안 책임자인 Demetrius Comes는 "최근 피싱 테스트에 실패하셨기 때문에 이 이메일을 수신하게 되었습니다."라고 썼습니다.

• 회사는 올해 2 천만 고객을 돌파하고 "기록적인 고객 성장"을 보고했음에도 불구하고 아리조나, 아이오와 및 텍사스를 포함한 코로나 바이러스 전염병으로 인해 수백 명의 직원을 해고하거나 재배치했습니다.

• “공휴일에 맞춰 일회성 보너스를 받으려면 위치를 선택하고 12 월 18 일 금요일까지 세부 정보를 입력하십시오.

• 이 테스트는 오늘날의 실제 시도를 모방했지만, 우리는 더 잘하고 직원들에게 더 민감해야합니다. "라고 애리조나에 본사를 둔 회사는 덧붙였습니다.

• 연말 연시 파티에서 함께 축하할 수는 없지만 감사를 표하고 일회성 연말 연시 보너스 $ 650를 공유하고 싶습니다!

• GoDaddy는 의견 요청에 즉시 응답하지 않았습니다.

GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test. [it.slashdot.org]

GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test. [coppercourier.com]

GoDaddy Apologises For Fake Christmas Bonus Email Security Test [www.ibtimes.com]

GoDaddy phishing 'test' teased employees with a fake holiday bonus [www.engadget.com]

GoDaddy used a holiday bonus email as a phishing scam test. SIGH. [mashable.com]

GoDaddy wins our 2020 award for most evil company email [www.theverge.com]

GoDaddy uses fake holiday bonus notification to test employees on email phishing [thehill.com]

GoDaddy disguised a phishing email test as holiday bonus announcement [www.businessinsider.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

12/26 '20 answered

Phishing tests can be a real educational experience. For management.

GoDaddy sent out a mail telling staff they got a $650 Xmas bonus as a phishing test.

Educational element was not on the end users. https://t.co/bq7DxdVMG9
— Kevin Beaumont (@GossiTheDog) December 24, 2020

Sure the test and education are valid, but it's just incredibly cruel and tone death. I'd be pissed off if I received this, and I'd be embarrassed as a leader.

GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test. https://t.co/pzRzHrqewM pic.twitter.com/nEl50IwGUj
— Max Clark (@maxclark) December 24, 2020

At a time like now? Not the phishing part but using a bonus as a lure. With no stimulus for people are they wrong for having a little bit of hope? How tacky and lame @godaddy @GoDaddyHelp
— Fonz Morris (@youngfonz) December 24, 2020

I'd recommend sending the person who authorized this an email telling them they'd been promoted and then instead fire them directly into the sun https://t.co/HeeHBQZHNT
— Conrad Close (@conradclose) December 24, 2020

this is literally something michael scott did https://t.co/rlOYi1OW3u
— tc (@chillmage) December 24, 2020

Wow. @GoDaddy - you really suck at this Christmas Spirit thing. Shame on you. https://t.co/4qL6aaUkWB
— Matthew "Merry Christmas" Betley??? (@MatthewBetley) December 25, 2020

What an out of touch company. Get your shit together. Employees are not your toys you get to play around with. https://t.co/dAyWkGXWSO
— D.R.E.A.M Clothing (@DreamClothingHQ) December 25, 2020

This is so mean https://t.co/CCYwxOcLWX
— Yashar Ali ? (@yashar) December 24, 2020

millions are suffering right now and @GoDaddy thought this would be a cool time to email employees with the promise of a bonus — only to tell the ones who clicked through they failed a phishing test.

so gross. if you use GoDaddy you should change that. https://t.co/L34C2LnPGU
— shauna (@goldengateblond) December 24, 2020

Dick head move https://t.co/HTW2Ufi8VA
— Cerno (@Cernovich) December 24, 2020

Imagine thinking the best way to test cybersecurity is by sending your own employees a fake email about a holiday bonus....two weeks before Christmas, and during a year of unprecedented economic/financial hardships lmao https://t.co/gNqQgnqwNz
— Shon (@gayblackvet) December 24, 2020

Read the effing room, GoDaddy- my god.
I hope that the company will make good on the bonuses. https://t.co/zWFpUzi8ZI
— Carol Roth (@caroljsroth) December 24, 2020

Reminder: the temporary high engendered by "gotcha" phishing tests pales in comparison to the resentment and distrust sewn by tactless lures. Infosec must foster safe habits, not foist callous pop quizzes.

Just because you can, doesn't mean you should.https://t.co/sZ1JSxxFcg
— Kelly Shortridge (@swagitda_) December 24, 2020

Hi @GoDaddy @GoDaddyHelp, as a 15-year Cybersecurity professional, I find this absolutely appalling. Abusing your employees in this way does nothing to improve your security posture, in fact quite the opposite. You can and need to do better.https://t.co/l9OF2YyTJl
— Alyssa Miller - MS, CISM (@AlyssaM_InfoSec) December 25, 2020

this is next-level super-villain shit, what the fuck https://t.co/YNwgsuHrmh
— Lindsay Gibbs (@linzsports) December 25, 2020

Some??? https://t.co/f6lqMw3TYZ
— Casey Newton (@CaseyNewton) December 24, 2020

With the holidays around the corner, GoDaddy employees received an email last week offering some welcome financial relief: a $650 holiday bonus.

Two days later, they received another email from GoDaddy:

“You failed our recent phishing test.” https://t.co/FHWG93BnAM
— Lorraine Longhi ? (@lolonghi) December 23, 2020

GoDaddy
June: laid off 800+ employees
November: reported 11% revenue increase & record number of new customers
Now: sent staff notice of $650 bonuses - turns out it was a phishing test; employees actually get $0 & must complete a "social engineering" testhttps://t.co/1zFG3nprBC
— Dan Price (@DanPriceSeattle) December 25, 2020

I wish they would stopdaddy. Hahaha just kidding. But if I can be serious for a moment guillotine https://t.co/G9GsQF4Uin
— alex goldman (@AGoldmund) December 24, 2020

Pentesters must take ethics/cultural events into account when planning phishing pentests. I don’t use any fear pretext or ones that compromise a person’s ability to plan (financially for example) or stay safe, etc — there we use education instead of attack.https://t.co/9OikLBOsdp
— Rachel Tobac (@RachelTobac) December 24, 2020

GoDaddy trolled it's employee's hard this xmas.

Gets the point across but, man, that's cruel.

Zero cool points.https://t.co/qwBc2QRGtE
— Grummz (@Grummz) December 24, 2020

I have a few dormant domains with @godaddy that I will be transferring ASAP —> GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test. https://t.co/vQnjVNrTeL
— ✨Nellie✨ (@BklynActiveMama) December 24, 2020

GoDaddy
June: laid off 800+ employees
November: reported 11% revenue increase & record number of new customers
Now: sent staff notice of $650 bonuses - turns out it was a phishing test; employees actually get $0 & must complete a "social engineering" testhttps://t.co/1zFG3nprBC
— Dan Price (@DanPriceSeattle) December 25, 2020

Alexa, tell me a worse way to train your employees on security practices? Telling employees about a bonus in a year of upheaval and layoffs and then telling them they failed a test ?‍♂️?‍♂️?‍♂️https://t.co/Kt5OXwfIyS pic.twitter.com/n23TdEij2M
— Subrahmanyam KVJ (@SuB8u) December 25, 2020

Pentesters must take ethics/cultural events into account when planning phishing pentests. I don’t use any fear pretext or ones that compromise a person’s ability to plan (financially for example) or stay safe, etc — there we use education instead of attack.https://t.co/9OikLBOsdp
— Rachel Tobac (@RachelTobac) December 24, 2020

GoDaddy trolled it's employee's hard this xmas.

Gets the point across but, man, that's cruel.

Zero cool points.https://t.co/qwBc2QRGtE
— Grummz (@Grummz) December 24, 2020

Hey ⁦@GoDaddy⁩, I thought we already decided that this was a bad idea? https://t.co/wp0kC2qQSX
— Ben Ford #BlackLivesMatter he/him (@binford2k) December 25, 2020

GoDaddy phishing 'test' teased employees with a fake holiday bonus https://t.co/2irFnLUsGD #phishing #godaddy #gear
— SyntaxError (@DataAugmented) December 24, 2020

#CISOs is this effective #security testing or just down right mean?
https://t.co/MxhfSHApGG #phishing #CyberSecurity #infosec
— Jason James (@itlinchpin) December 25, 2020

GoDaddy used a holiday bonus email as a phishing scam test and people aren't happy #cybersecurity #riskmanagement #phishing #malware #Infosec #cyberthreats #ramsomware #hacking #dataprotection #privacy #cyberattacks #databreach https://t.co/nPRPNySGBg pic.twitter.com/8AKqwFHzZ3
— Paula Piccard ?? ?? (@Paula_Piccard) December 25, 2020

GoDaddy used a holiday bonus email as a phishing scam test and people aren't happy https://t.co/gawkvHoC00 pic.twitter.com/sAIb1gfHeZ
— Izu ひhiara ☥ (@OMGStacks) December 24, 2020

Yeah don't use godaddy. They treat their employees like crap and it goes - much- deeper than this. https://t.co/A3DlV6vYDz
— Oceanotter カワウソ (@boko6565) December 25, 2020

permanent link

Open Wiki - Feel free to edit it. -

12/26 '20 answered

Sounds like GoDaddy needs the Christmas miracle of hiring a few #iopsych professionals... “GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test. “” https://t.co/2DcchJJBEO
— Richard N. Landers (@rnlanders) December 25, 2020

Is there any org that is mature enough to use phishing "tests" appropriately? Between directors who brag about 3 strikes policies to this crap where the security org would use this as a pretext, it's time to end this practice. This is employee abuse. https://t.co/l9OF2YyTJl
— Alyssa Miller - MS, CISM (@AlyssaM_InfoSec) December 25, 2020

https://t.co/RgCydYj1j4 Go to the original source. Employees sent screenshots of the e-mail, which was sent with a Godaddy domain name.
— Vincent (@1StatusUpdate) December 26, 2020

対照的:GoDaddy社は全従業員にクリスマスボーナスのメールを送りました。しかし実はボーナスではなく、フィシングのテストでした。(クリックした人が騙されやすい)。https://t.co/o4A0CuF8y1
— ロッシェル・カップ (@JICRochelle) December 26, 2020

When your CISO's KPIs are completely messed up. https://t.co/SrDMBaU1Ck
— stacksmashing (@ghidraninja) December 25, 2020

A @GoDaddy update: I have yet to hear back from the company, but they did provide @karissabe with a statement yesterday about the test:

“While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.”https://t.co/BfdKWbVj5F https://t.co/4bWwHSwYSv pic.twitter.com/0W5ZPW7PoP
— Lorraine Longhi ? (@lolonghi) December 25, 2020

Wow. Epic d*ck move by Go Daddy during the holidays and a pandemic when many are struggling. #infosec #phishing https://t.co/Jbopibjdv1
— Elisa Lippincott (@elisal) December 25, 2020

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured