There’s no denying that 2020 has been a tough year for a lot of people, but GoDaddy managed to make things just a little bit worse for its employees right at the end of the year with quite an insensitive phishing email blunder.
What Did GoDaddy do?
GoDaddy sent out a fake phishing email to staff offering a $650 Christmas bonus if they click on a link and fill in some personal details. This type of email is actually quite common; many companies regularly test employees against fake phishing emails to see where extra training might be needed and to check how vigilant people are.
However, what makes the GoDaddy example particularly egregious is that the company had already confirmed there would be no bonuses at all in 2020, just months after CEO Aman Bhutani had announced a range of staff layoffs.
Around 500 staff clicked the fake bonus bait, only to receive a follow-up email two days later informing them they failed GoDaddy’s phishing test and there was no bonus at all.
What Were the Consequences?
Employees were understandably upset. Millions of Americans have found themselves without jobs, reduced incomes, and facing tough times all around, making GoDaddy’s stunt somewhat insensitive.
There was a corresponding outpouring of sympathy with the staff on social media and near blanket condemnation of the company's behavior. It comes at a time when GoDaddy’s reputation has already taken several knocks, with a confirmed data breach in October in which a number of accounts were compromised. The hosting giant didn’t disclose the number of customers affected but did offer one year’s worth of complimentary malware removal services.
Unfortunately, for the staff that fell for the phishing trick, all they received was an apology. Companies need to be incredibly careful these days, as multiple reputation hits like this can easily translate into lost customers in the long term.
Despite how insensitive GoDaddy’s test might have been, we always try to take every opportunity to remind people to be vigilant online. If you get an email with a link in it, always confirm the sender is someone you trust and keep an eye out for anything suspicious. If you’re unsure, contact companies directly through the details available on their websites.