You are here: Home Blog ClearView IT GoDaddy Demonstrated How Not to Educate Users About Phishing

ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

GoDaddy Demonstrated How Not to Educate Users About Phishing

ClearView IT Blog Security
0 Comments
GoDaddy Demonstrated How Not to Educate Users About Phishing

While phishing awareness is an important practice to teach to a business’ employees, some methods are better than others, as GoDaddy—the domain registrar and web-hosting company notorious for its run of risqué ads—is learning the hard way. On December 14, GoDaddy’s employees received an email that seemed to be a holiday bonus from the company… only to find out (the hard way) that it was a phishing test that their employer had run.

Let’s review the chain of events:

The Message GoDaddy’s Employees Received

When the employees GoDaddy involved in their phishing test opened their email on December 14, a message from the address “Happyholiday@Godaddy-dot-com” awaited them. Below, we have replicated the message it contained, under a large, branded announcement of a “Holiday Party.”

I hope you’re sitting down:

---

Happy Holiday GoDaddy!

2020 has been a record year for GoDaddy, thanks to you!

Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus! To ensure that you receive your one-time Bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.

US

EMEA

Any submittals after the cutoff will not be accepted and you will not receive the one-time bonus of $650 (free money, claim it now!)

We look forward to celebrating with you again, in person next year!

---

I don’t know about you, but if that showed up in my email—just before the holiday season, during a year marred by a terrible pandemic, no less—I would be pretty excited.

However, no bonus was in store for the company’s 500 employees who clicked through the links. All they got was another email, two days later, from the company’s security chief. This was how these employees were informed that the email was nothing but a phishing test, and since they had failed, they would need to retake the company’s Security Awareness Social Engineering training.

Of course, this message did not land very well amongst many of these employees… and it certainly wasn’t helped, considering the “record year” that the email bragged about came after hundreds of employees were reassigned or completely laid off, and a data breach had exposed 28,000 GoDaddy customers’ data earlier in the year.

GoDaddy has since released a statement, apologizing for the poorly-thought-out phishing test. As a spokesperson for the company said:

“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized.”

Companies Other Than GoDaddy Have Made Similar Errors

GoDaddy is not the only company to stumble during their phishing evaluations. In September, Tribune Publishing sent out an internal phishing email offering targeted bonuses worth anywhere between $5,000 and $10,000. As with GoDaddy, this attempt saw backlash from employees, one reporter tweeting that the cruelty of it was “stunning.” As happened with GoDaddy, the company apologized for its “misleading and insensitive” email.

In Fairness, Phishing Should Be Highlighted…Just Not This Way

While these examples prove that there is definitely a wrong way to educate users about phishing, it must be said that phishing is a very real threat for businesses of all sizes today.

However, when you try to educate your users, we suggest using different tactics. Seminars and training sessions are great options, and practical evaluations are very effective (as long as you do it differently than GoDaddy). The main issue in GoDaddy’s case was that they took advantage of their employees, during a time when many were already under financial strain, running a test that offered them a sizable bonus when they seemed to have no intention of actually distributing it.

Naturally, nobody should hope that their organization offends its workforce, and nobody should hope that their organization falls victim to a phishing attack. Fortunately, ClearView IT can at least help you with the latter. Call our team at 866-326-7214 to find out how we can help you address the complicated issue of phishing attacks.

Tweet
Tags:
Security Communication Phishing
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 05 July 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Search the Blog

Blog Categories

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Hackers Productivity Software Privacy Network Security Data Cloud Business User Tips IT Support Internet Hardware Innovation Email Hosted Solutions Malware Efficiency Workplace Tips Computer Google Microsoft Collaboration Android Business Management Cybersecurity Phishing IT Services Backup Data Backup Ransomware Smartphone communications Upgrade Microsoft Office Smartphones Small Business Network Mobile Devices Managed IT Services Communication Data Recovery Quick Tips Productivity Social Media VoIP Users Mobile Device Tech Term Automation Business Continuity Facebook Windows 10 Passwords Holiday Disaster Recovery Covid-19 Managed Service Apps Windows 10 IT Support Browser Cloud Computing Outsourced IT Miscellaneous Data Management Remote Work Internet of Things Managed Service Provider Government Saving Money Operating System Workplace Strategy Artificial Intelligence Networking Managed IT services Windows Gadgets Server Remote Bandwidth Encryption Blockchain WiFi App Business Technology Virtualization Spam Information Mobile Device Management History Employee/Employer Relationship Apple Information Technology Gmail Office Two-factor Authentication Budget Office 365 Data Security Health Cybercrime Analytics BDR Big Data Conferencing Wi-Fi Access Control Employer-Employee Relationship Cost Management Patch Management Compliance Remote Monitoring Remote Computing Document Management Voice over Internet Protocol Save Money Help Desk Hacking IT Management Training Hacker Vendor Vendor Management Best Practice Hard Drive Customer Service Vulnerabilities Unified Threat Management Retail Firewall Alert Augmented Reality Word Hiring/Firing Legal Project Management Outlook IBM Website Password Data storage Mobile Office Data loss Managed Services BYOD Search... Computing Applications Money Storage Social Sports SaaS DDoS Monitoring Twitter Paperless Office Antivirus Healthcare Maintenance iPhone Law Enforcement End of Support Education Cortana Windows 11 User Printer Content Filtering Remote Workers Websites Router Mobility Chrome Meetings Windows 7 Free Resource Travel Virtual Reality The Internet of Things YouTube Social Engineering Cryptocurrency Google Maps How To Black Market Scam Mobile Computing Cleaning Laptop Robot Marketing Data Breach VPN Running Cable Update Virtual Desktop Avoiding Downtime Experience Holidays Chromebook Taxes Drones Automobile Multi-factor Authentication Cooperation Video Conferencing How To Disaster Saving Time Virtual Machines Microchip Physical Security Computer Repair Flexibility HIPAA Bitcoin Lithium-ion battery Computers Professional Services Hack Start Menu Telephone Identity Theft Downloads Notifications Computer Care Unified Communications Processors Managed Services Provider Vulnerability Excel Google Docs Bluetooth Software as a Service Virtual Private Network Distributed Denial of Service Data Protection Office Tips PowerPoint Current Events Memory Private Cloud Administration Virtual Assistant Solutions Presentation Wireless Technology Specifications eWaste Images 101 IT Consultant Politics Integration Display Settings Machine Learning Tech Terms Downtime Safety Processor Customer Relationship Management Solid State Drive Co-Managed IT Managed IT Employees Digital Entertainment email scam SharePoint Videos Navigation Surveillance Books Digital Payment Addiction Worker Workplace Strategies Managing Costs Language Mobile Security Society Access User Tip Legislation SSID News Monitors Visible Light Communication Media Time Management Evernote Development Reading Public Cloud Network Management Employer/Employee Relationships Virtual Machine Windows 8 Staffing Audit IP Address Reviews Spyware Proxy Server Optimization Emails Fake News Displays Computing Infrastructure Advertising 2FA Relocation File Sharing Service Level Agreement Teamwork Data Storage Smart Technology Troubleshooting Management Hypervisor Work/Life Balance Device security Tech Support Redundancy Shopping Cache Wireless Headphones Medical IT Microsoft Excel Going Green SQL Server Business Cards Paperless Unified Threat Management Tech Workers Competition PCI DSS In Internet of Things Error Licensing Recovery Printing Gig Economy Bookmark Humor Hacks CCTV Network Congestion Download Azure Writing Piracy LiFi Business Communications Touchscreen Entrepreneur Term Internet Service Provider Reliable Computing Application Regulations Compliance Supply Chain Business Owner Managed IT Service Computer Malfunction HTML Documents Emergency Vendor Mangement Business Intelligence Browsers Memes Nanotechnology Upload Software License Human Resources Google Play Net Neutrality Scalability Samsung Financial Data Administrator Uninterrupted Power Supply Workplace Social Network Text Messaging Webcam Proactive IT Securty Domains Risk Management Business Mangement Data Analysis IT Bring Your Own Device Screen Reader Trends Mobile Technology Google Apps Security Cameras Tablets Telework Scams Inbound Marketing Customer Resource management Devices Music Tip of the week Google Calendar Smartwatch Fileless Malware Communitications Supercomputer Microsoft 365 Gamification Company Culture Virus Procurement Public Speaking FinTech Botnet Cables Telephone System Motion Sickness Regulations Streaming Media Comparison CES Google Drive Electronic Payment Directions IT Assessment Rental Service Backup and Disaster Recovery Micrsooft Content Value Flash Desktop Keyboard Supply Chain Management Knowledge Hard Drives Organization Corporate Profile Point of Sale Electronic Medical Records Cyber security Telephone Systems Accountants Business Growth Television Telephony intranet Smart Devices Employer Employee Relationship Phone System Database Cabling Shortcuts Wireless Shortcut Remote Working Heating/Cooling AI Tablet Environment Health IT Trend Micro Banking G Suite Equifax Google Wallet Hard Drive Disposal Windows XP Mouse Digital Security Cameras VoIP Social Networking Electronic Health Records Messenger Tracking Tactics Transportation Deep Learning Be Proactive Username Wasting Time eCommerce Business Metrics Web Server Computer Accessories Startup Modem Hosted Solution Freedom of Information

Blog Archive

Recent Comments

No comments yet.

Interested In A Free Consultation?

Click Here