GoDaddy phishing 'test' teased employees with a fake holiday bonus

They were promised a $650 holiday bonus from their company. It wasn’t an act of corporate goodwill, though, but a particularly tone deaf phishing test. And instead of extra cash, those who failed were assigned extra work.

That’s what happened to around 500 employees at GoDaddy, Arizona’s Copper Courier reported. The company reportedly sent its workers an email earlier this month promising the one-time payouts to “show our appreciation” for “a record year for GoDaddy.” The messages asked employees to reply with details about their location and other information in order to receive their payments. 

Those who did were informed two days later that “you failed our recent phishing test,” and that they would be required to complete a security training, according to Copper Courier reporter Lorraine Longhi. News of the “test” prompted outrage on Twitter, with some users threatening to change hosting providers.

While it’s not unusual for companies to send fake phishing emails to test their employees, promising a holiday bonus in the middle of a pandemic when millions are struggling to stay fed and housed is particularly cruel. As Longhi points out, GoDaddy “laid off or reassigned hundreds of employees during the coronavirus pandemic,” despite reporting record growth in new customers during its last earnings call.

GoDaddy didn’t immediately respond to a request for comment.

Update 12/24 7:40pm ET: In a statement, a GoDaddy spokesperson said the company apologized to employees. “GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” the spokesperson said. “While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.”