Fake Bonus - Has GoDaddy crossed the line?

MapleDots



GoDaddy’s security has been under the microscope lately, with two high-profile security incidents reported by Krebs On Security on November 21 and on March 31. I wrote about the first incident, which involved an account held by Escrow.com. With many employees working from home because of Covid-19, it has likely become a much more challenging task to ensure GoDaddy employees use best security practices to avoid being hacked or having systems or accounts compromised.

According to an article in The Copper Courier, GoDaddy tested its employees by deploying an email promising a holiday bonus, but it was really a phishing test in disguise:

https://domaininvesting.com/godaddy-apologizes-for-insensitive-bonus-fakeout-phishing-test/
 

rlm

That's funny. Cruel, but funny. And very sad from the security perspective. And from the hiring perspective - shouldn't passing that test happen during the interview phase?? They just shouldn't have admitted to doing it as a test. They just should've said, "no that wasn't us, you fell for a scam and put our systems & customers at risk. Not only are you not getting a bonus, you're fired." I have to live up to my Grinch reputation after all.
 

DomainRecap

Bonus or not, these Bad Actors often use some type of "honey pot" trap to lure their victims in, and employees are told that no matter what, confirm any email messages and sources first, instead of clicking on links or taking other actions.

Social engineering is a lot smarter now, and instead of Nigerian Princes giving away their riches to the first guy who sends his banking information, it's now "employee bonuses", "your boss needs Amazon gift cards", and "payroll problems".

Either way, you need to be smart and call up HR or talk to your supervisor, and not just start clicking and filling in info because some 3rd-world scammer fake-offers you a bag of cash.
 

FM

Everything else aside, the info I'm missing here is, how many employees provided information on the link. It seems they tracked the clicking, but that's really just part of the phishing.
 

DomainRecap

I saw on Twitter that a pile of Crypto-domains were stolen by scammers using social engineering techniques on GD staff, so the lesson was obviously not learned.
 

DomainRecap

Wow, who is stupid enough to believe that your employer needs "further details" to pay you a Holiday bonus? If so, how do you get paid in the first place?

It's easy, you see crap like that, call HR or talk to your supervisor, but DO NOT under any circumstances just start clicking.

They should give everyone who failed the test a Winnie the Pooh patch to sew on their jacket, cuz they just can't resist them honeypots.
