GoDaddy sent an email to employees announcing a surprise holiday bonus. It was really a phishing email test, and those who failed were invited to get more security training

FILE PHOTO: The company logo and ticker for GoDaddy Inc. is displayed on a screen on the floor of the New York Stock Exchange (NYSE) in New York, U.S., March 4, 2019. REUTERS/Brendan McDermid
The company logo and ticker for GoDaddy Inc. is displayed on a screen on the floor of the NYSE in New York

  • GoDaddy is under fire for sending employees an email announcing $650 holiday bonuses.
  • The email was actually phishing test.
  • “To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th,” the email read.
  • Employees who failed the phishing email test were invited to retake the company’s security training instead.
  • Visit Business Insider’s homepage for more stories.

The world’s largest domain registrar and web hosting company, GoDaddy, is facing backlash for duping employees with a phishing test disguised as a holiday bonus announcement.

On December 14, GoDaddy employees received an email from the sender happyholiday@Godaddy.com, titled “GoDaddy Holiday Party,” according to The Copper Courier.

“2020 has been a record year for GoDaddy, thanks to you!” the email continued, “though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!”

Recipients were asked to submit personal information by December 18. Phishing emails typically prompt unwitting people to reveal personal or financial information which could then be used with malicious intent.

GoDaddy Email
A Dec. 14 email sent to hundreds of GoDaddy employees with a holiday bonus to employees, which was actually a phishing test.

GoDaddy Phishing test email
A Dec. 14 email sent to hundreds of GoDaddy employees with a holiday bonus to employees, which was actually a phishing test.

 

Multiple GoDaddy employees shared the email with The Copper Courier; the email included a snowflake banner in the theme of a holiday party invite.

Two days after the announcement was sent, at least 500 employees received an email from the company’s chief security officer, according to The Copper Courier. 

“You’re getting this email because you failed our recent phishing test,” the company’s chief security officer Demetrius Comes wrote in the email. “You will need to retake the Security Awareness Social Engineering training.”

Companies regularly use methods to teach employees about computer safety. Security breaches can have a disruptive effect on businesses and expose people to identity theft.

GoDaddy did not immediately respond to a request for comment.

In 2020, GoDaddy reported “record customer growth” and said  it had surpassed 20 million customers, but the company has not escaped hardship. The company has to lay off or reassign hundreds of employees throughout the pandemic.

Read the original article on Business Insider