430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

GoDaddy apologized for insensitive phishing email sent to its employees offering a fake bonus

GoDaddy made the headlines for an initiative that is dividing cybersecurity community, it sent phishing messages offering bonuses to its employees. GoDaddy sent an email to its employee that promised a Christmas bonus to help them to face economic problems caused by the ongoing COVID-19 pandemic. The web provider apologized Thursday for the cyber security test […]

godaddy

GoDaddy made the headlines for an initiative that is dividing cybersecurity community, it sent phishing messages offering bonuses to its employees.

GoDaddy sent an email to its employee that promised a Christmas bonus to help them to face economic problems caused by the ongoing COVID-19 pandemic. The web provider apologized Thursday for the cyber security test aimed at verifying the response of its personnel to a phishing campaign.

“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” a spokesman for GoDaddy told AFP in a statement.

“While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees,”

The approach was criticized by part of the cyber security community due to the bait used in the test and the period chosen for the simulation. On the other side, the company opted for this test because it mimics a real attack that could happen at any time and that could take advantage of the pandemic.

The test took place in December, the message deceived around 500 employees who clicked on it. The email stated that GoDaddy was offering a Christmas bonus of $650 and asked them to fill out a form with their personal details.

“Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!” the email reads. “To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.”

Two days later, the employees were informed by email of the ongoing security test, the message received by the ones that opened the email states:

“You’re getting this email because you failed our recent phishing test,” the company’s chief security officer Demetrius Comeswrote. “You will need to retake the Security Awareness Social Engineering training.”

Those who failed the test are invited to retake the Security Awareness Social Engineering training.  

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, phishing)

[adrotate banner=”5″]

[adrotate banner=”13″]