Fake Bonus - Has GoDaddy crossed the line?

MapleDots

GoDaddy’s security has been under the microscope lately, with two high-profile security incidents reported by Krebs On Security on November 21 and on March 31. I wrote about the first incident, which involved an account held by Escrow.com. With many employees working from home because of Covid-19, it has likely become a much more challenging task to ensure GoDaddy employees use best security practices to avoid being hacked or having systems or accounts compromised.

According to an article in The Copper Courier, GoDaddy tested its employees by deploying an email promising a holiday bonus, but it was really a phishing test in disguise:

https://domaininvesting.com/godaddy-apologizes-for-insensitive-bonus-fakeout-phishing-test/
 
That's funny. Cruel, but funny. And very sad from the security perspective. And from the hiring perspective - shouldn't passing that test happen during the interview phase?? They just shouldn't have admitted to doing it as a test. They just should've said, "no that wasn't us, you fell for a scam and put our systems & customers at risk. Not only are you not getting a bonus, you're fired." I have to live up to my Grinch reputation after all.
 
Bonus or not, these Bad Actors often use some type of "honey pot" trap to lure their victims in, and employees are told that no matter what, confirm any email messages and sources first, instead of clicking on links or taking other actions.

Social engineering is a lot smarter now, and instead of Nigerian Princes giving away their riches to the first guy who sends his banking information, it's now "employee bonuses", "your boss needs Amazon gift cards", and "payroll problems".

Either way, you need to be smart and call up HR or talk to your supervisor, and not just start clicking and filling in info because some 3rd-world scammer fake-offers you a bag of cash.
 
Everything else aside, the info I'm missing here is, how many employees provided information on the link. It seems they tracked the clicking, but that's really just part of the phishing.
 
I saw on Twitter that a pile of Crypto-domains were stolen by scammers using social engineering techniques on GD staff, so the lesson was obviously not learned.
 