GoDaddy sent employees an email announcing $650 holiday bonuses. But it was actually a phishing test.
"To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th," the email said.
Employees who opened the email and failed the test were invited to retake the company's security training.
GoDaddy, the world's largest domain registrar and web-hosting company, is facing backlash for duping employees with a phishing test disguised as a holiday bonus announcement.
On December 14, GoDaddy employees received an email from firstname.lastname@example.org about a "GoDaddy Holiday Party," according to The Copper Courier.
"2020 has been a record year for GoDaddy, thanks to you!" the email said.
"Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!" it added.
The recipients were asked to submit personal information by December 18 to receive the bonus.
The email, which three GoDaddy employees shared with The Copper Courier, included a snowflake banner in the theme of a holiday-party invite.
But two days later, about 500 employees received another email from the company's chief security officer, Demetrius Comes.
"You're getting this email because you failed our recent phishing test," Comes wrote, according to The Copper Courier. "You will need to retake the Security Awareness Social Engineering training."
Security breaches and phishing emails, which prompt people to disclose personal or financial information, can disrupt businesses and expose people to identity theft. But many criticized the bonus offers in GoDaddy's test as insensitive.
GoDaddy did not immediately respond to a request for comment.
In the second quarter of 2020, GoDaddy reported "record customer growth" and said it had surpassed 20 million customers. But it has also had to lay off or reassign hundreds of employees during the pandemic.
Read the original article on Business Insider