• Buy & Sell your domain names commission free on Canada's most trusted domaining community. Get your own landing page with a custom website address dn.ca/market/user at: Market Pages

Fake Bonus - Has GoDaddy crossed the line? (1 Viewing)

MapleDots

Community Guide
Verified Member
Boardroom Access
Joined
Nov 4, 2020
Topics
854
Posts
3,643
Likes
3,105
Market
Picture0002.png



GoDaddy’s security has been under the microscope lately, with two high profile security incidents reported by Krebs On Security on November 21 and on March 31. I wrote about the first incident, which involved an account held by Escrow.com. With many employees working from home because of Covid-19, it has likely become a much more challenging task to ensure GoDaddy employees use best security practices to avoid being hacked or having systems or accounts compromised.

According to an article in The Copper Courier, GoDaddy tested its employees by deploying an email promising a holiday bonus, but it was really a phishing test in disguise:

https://domaininvesting.com/godaddy-apologizes-for-insensitive-bonus-fakeout-phishing-test/
 

rlm

Highest Like Count
Notable Member
Joined
Nov 7, 2020
Topics
57
Posts
1,439
Likes
1,364
That's funny. Cruel, but funny. And very sad from the security perspective. And from the hiring perspective - shouldn't passing that test happen during the interview phase?? They just shouldn't have admitted to doing it as a test. They just should've said, "no that wasn't us, you fell for a scam and put our systems & customers at risk. Not only are you not getting a bonus, you're fired." I have to live up to my Grinch reputation after all.
 

DomainRecap

Highest Post Count
Notable Member
Joined
Nov 23, 2020
Topics
42
Posts
1,833
Likes
917
Bonus or not, these Bad Actors often use some type of "honey pot" trap to lure their victims in, and employees are told that no matter what, confirm any email messages and sources first, instead of clicking on links or taking other actions.

Social engineering is a lot smarter now, and instead of Nigerian Princes giving away their riches to the first guy who sends his banking information, it's now "employee bonuses", "your boss needs Amazon gift cards", and "payroll problems".

Either way, you need to be smart and call up HR or talk to their supervisor, and not just start clicking and filling in info because some 3rd-world scammer fake-offers you a bag of cash.
 

FM

WHC.ca
Service Rep.
Verified Member
Boardroom Access
Joined
Nov 20, 2020
Topics
53
Posts
725
Likes
522
Everything else aside, the info I'm missing here is, how many employees provided information on the link. It seems they tracked the clicking, but that's really just part of the phishing.
 

DomainRecap

Highest Post Count
Notable Member
Joined
Nov 23, 2020
Topics
42
Posts
1,833
Likes
917
I saw on Twitter that a pile of Crypto-domains were stolen by scammers using social engineering techniques on GD staff, so the lesson was obviously not learned.
 

DomainRecap

Highest Post Count
Notable Member
Joined
Nov 23, 2020
Topics
42
Posts
1,833
Likes
917
Wow, who is stupid enough to believe that your employer needs "further details" to pay you a Holiday bonus? If so, how do you get paid in the first place?

It's easy, you see crap like that, call HR or talk to your supervisor, but DO NOT under any circumstances just start clicking.

They should give everyone who failed the test a Winnie the Pooh patch to sew on their jacket, cuz they just can't resist them honeypots.

pooh-patch.jpg