You are here: Home Blog ClearView IT GoDaddy Demonstrated How Not to Educate Users About Phishing

ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

GoDaddy Demonstrated How Not to Educate Users About Phishing

ClearView IT Blog Security
0 Comments
GoDaddy Demonstrated How Not to Educate Users About Phishing

While phishing awareness is an important practice to teach to a business’ employees, some methods are better than others, as GoDaddy—the domain registrar and web-hosting company notorious for its run of risqué ads—is learning the hard way. On December 14, GoDaddy’s employees received an email that seemed to be a holiday bonus from the company… only to find out (the hard way) that it was a phishing test that their employer had run.

Let’s review the chain of events:

The Message GoDaddy’s Employees Received

When the employees GoDaddy involved in their phishing test opened their email on December 14, a message from the address “Happyholiday@Godaddy-dot-com” awaited them. Below, we have replicated the message it contained, under a large, branded announcement of a “Holiday Party.”

I hope you’re sitting down:

---

Happy Holiday GoDaddy!

2020 has been a record year for GoDaddy, thanks to you!

Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus! To ensure that you receive your one-time Bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.

US

EMEA

Any submittals after the cutoff will not be accepted and you will not receive the one-time bonus of $650 (free money, claim it now!)

We look forward to celebrating with you again, in person next year!

---

I don’t know about you, but if that showed up in my email—just before the holiday season, during a year marred by a terrible pandemic, no less—I would be pretty excited.

However, no bonus was in store for the company’s 500 employees who clicked through the links. All they got was another email, two days later, from the company’s security chief. This was how these employees were informed that the email was nothing but a phishing test, and since they had failed, they would need to retake the company’s Security Awareness Social Engineering training.

Of course, this message did not land very well amongst many of these employees… and it certainly wasn’t helped, considering the “record year” that the email bragged about came after hundreds of employees were reassigned or completely laid off, and a data breach had exposed 28,000 GoDaddy customers’ data earlier in the year.

GoDaddy has since released a statement, apologizing for the poorly-thought-out phishing test. As a spokesperson for the company said:

“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized.”

Companies Other Than GoDaddy Have Made Similar Errors

GoDaddy is not the only company to stumble during their phishing evaluations. In September, Tribune Publishing sent out an internal phishing email offering targeted bonuses worth anywhere between $5,000 and $10,000. As with GoDaddy, this attempt saw backlash from employees, one reporter tweeting that the cruelty of it was “stunning.” As happened with GoDaddy, the company apologized for its “misleading and insensitive” email.

In Fairness, Phishing Should Be Highlighted…Just Not This Way

While these examples prove that there is definitely a wrong way to educate users about phishing, it must be said that phishing is a very real threat for businesses of all sizes today.

However, when you try to educate your users, we suggest using different tactics. Seminars and training sessions are great options, and practical evaluations are very effective (as long as you do it differently than GoDaddy). The main issue in GoDaddy’s case was that they took advantage of their employees, during a time when many were already under financial strain, running a test that offered them a sizable bonus when they seemed to have no intention of actually distributing it.

Naturally, nobody should hope that their organization offends its workforce, and nobody should hope that their organization falls victim to a phishing attack. Fortunately, ClearView IT can at least help you with the latter. Call our team at 866-326-7214 to find out how we can help you address the complicated issue of phishing attacks.

Tweet
Tags:
Security Communication Phishing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 05 May 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Search the Blog

Blog Categories

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Hackers Productivity Software Network Security Privacy Data Cloud Business User Tips IT Support Internet Hardware Innovation Malware Email Hosted Solutions Efficiency Workplace Tips Computer Microsoft Google Collaboration Android Cybersecurity Phishing Business Management IT Services Backup Data Backup Ransomware communications Smartphone Upgrade Smartphones Small Business Microsoft Office Mobile Devices Network Managed IT Services Communication Data Recovery Quick Tips Productivity Users Social Media VoIP Mobile Device Automation Tech Term Windows 10 Facebook Business Continuity Passwords Holiday Covid-19 Disaster Recovery IT Support Apps Managed Service Browser Windows 10 Miscellaneous Cloud Computing Outsourced IT Internet of Things Managed Service Provider Data Management Remote Work Government Saving Money Operating System Networking Windows Gadgets Workplace Strategy Artificial Intelligence Managed IT services Server Information Bandwidth WiFi Encryption Mobile Device Management App Business Technology Virtualization Blockchain Remote Spam Budget Gmail Office Apple Two-factor Authentication History Information Technology Employee/Employer Relationship Office 365 Analytics Data Security Cybercrime Wi-Fi BDR Big Data Health Conferencing Access Control Save Money Remote Computing Voice over Internet Protocol Patch Management Vendor Compliance Remote Monitoring Help Desk Hacking Cost Management IT Management Training Employer-Employee Relationship Document Management Hacker Hiring/Firing Customer Service Outlook Unified Threat Management Firewall Password Mobile Office Applications Augmented Reality Managed Services Word Project Management BYOD Vulnerabilities IBM Website Computing Vendor Management Hard Drive Search... Best Practice Data loss Legal Retail Alert Data storage Money User Sports Travel Social SaaS DDoS Virtual Reality Data Breach Remote Workers Social Engineering Cryptocurrency Paperless Office Antivirus Black Market Windows 7 Chrome Maintenance Free Resource iPhone Cleaning Education Cortana Robot Content Filtering Monitoring How To Healthcare Mobile Computing Websites Router Mobility Marketing Meetings Running Cable The Internet of Things YouTube Twitter Google Maps Scam Storage Law Enforcement End of Support Laptop Printer VPN Update Windows 11 Virtual Desktop Google Docs Professional Services Experience Bluetooth Taxes Distributed Denial of Service Office Tips Private Cloud Processor Memory Managed Services Provider Disaster Virtual Private Network Physical Security Politics Machine Learning Settings PowerPoint Current Events Lithium-ion battery Administration Multi-factor Authentication Start Menu Solutions Solid State Drive Downloads Presentation Computer Care Processors Specifications IT Consultant Integration Images 101 Vulnerability Saving Time Display Chromebook Software as a Service Drones Data Protection Computers Customer Relationship Management Bitcoin Automobile Co-Managed IT Employees Telephone Entertainment Avoiding Downtime How To Wireless Technology Microchip Holidays eWaste Excel Flexibility Cooperation Downtime Tech Terms Video Conferencing Hack Safety Identity Theft Notifications Managed IT Virtual Machines Computer Repair Digital HIPAA Unified Communications Virtual Assistant Administrator SharePoint PCI DSS Text Messaging Content Licensing Proactive IT Digital Payment Desktop Worker Accountants Supply Chain Gig Economy Bring Your Own Device Electronic Medical Records Humor Internet Service Provider Access Database Azure Business Communications Regulations Compliance Time Management Business Owner Managed IT Service Music Public Cloud Equifax Workplace Staffing Health IT Memes Audit Net Neutrality IP Address Spyware Tactics Hard Drive Disposal Human Resources Botnet Financial Data Username File Sharing Micrsooft Startup Scams Freedom of Information Risk Management Rental Service Redundancy IT Google Apps Navigation Flash Cache Addiction email scam Telework Telephone Systems Unified Threat Management Inbound Marketing Business Growth Workers Mobile Security Communitications Competition Legislation Microsoft 365 Cables News Smartwatch Recovery User Tip Printing Evernote Procurement Network Management CCTV LiFi FinTech Banking Touchscreen Entrepreneur Google Wallet Electronic Payment IT Assessment Application Deep Learning Emails Point of Sale Computer Malfunction Fake News CES Documents Messenger Emergency Proxy Server Supply Chain Management Vendor Mangement Service Level Agreement Value Business Intelligence Computing Infrastructure Shortcuts Organization Business Metrics Management Cyber security Hosted Solution Samsung Device security Smart Devices Uninterrupted Power Supply Wireless Headphones Phone System Webcam Microsoft Excel Securty Books Tech Remote Working Domains Language Business Mangement Going Green Society Business Cards Be Proactive AI Error Trend Micro Tablets Electronic Health Records Monitors Transportation Visible Light Communication Digital Security Cameras Reading Bookmark Google Calendar Term Download Wasting Time Windows 8 Supercomputer Piracy Computer Accessories Modem Workplace Strategies Virus eCommerce HTML Surveillance Public Speaking Displays Nanotechnology Advertising Motion Sickness Videos Relocation Browsers Streaming Media Comparison Google Play Work/Life Balance Google Drive Upload Managing Costs Tech Support Software License SSID Social Network Keyboard Development Hard Drives Corporate Profile Screen Reader Employer/Employee Relationships Media Knowledge Data Analysis In Internet of Things Television Security Cameras Telephony Trends Virtual Machine intranet Employer Employee Relationship Mobile Technology Smart Technology Reviews Wireless Hacks Customer Resource management Optimization Shortcut Network Congestion Cabling Devices Reliable Computing Fileless Malware Heating/Cooling Writing Tablet Teamwork Environment G Suite Tip of the week 2FA Windows XP Mouse Data Storage VoIP Gamification Troubleshooting Hypervisor Social Networking Tracking Company Culture Regulations Medical IT Shopping Telephone System Scalability Directions Backup and Disaster Recovery SQL Server Web Server Paperless

Blog Archive

Recent Comments

No comments yet.

Interested In A Free Consultation?

Click Here