Friday, 1 January 2021

A phishy move by GoDaddy

Hosting provider GoDaddy made waves over the Christmas period a couple weeks ago, though sadly not for good reasons. What transpired was that they subjected their employees to a phishing test, with an email that promised a juicy Christmas bonus (650 USD, if I'm not mistaken) if they filled out an online form with personal details, and hit the Send button. Employees who fell for it were later sent another email informing them that they had failed the test, and would have to report for security awareness training.



Talk about a dick move! GoDaddy came under fire - mostly from Twitter - for that stunt, and has since apologized.

Here are some thoughts on this debacle. I have so many questions.

For starters, no one's denying that the subject matter of their testing email was pretty insensitive, especially in light of Americans as a whole being concerned with job losses and all. But OK, Management being tone-deaf assholes? How is that news? Why's everyone acting like it's such a novelty? Though, Twitter being the melodramatic outrage machine that it has been over the past decade, it's no real surprise that people are blowing things up.

Secondly, is no one concerned about the fact that GoDaddy's employees can be that gullible? Clicking on a phishing email is one thing. They actually filled up that form and sent their details! Sweet Jesus, they didn't even stop to consider that if their own company had indeed sent that email, the company wouldn't need them to send their details because the company would already have those details? Show of hands - who's got GoDaddy as their hosting provider and is harboring some serious doubts now?

And lastly, why are GoDaddy's employees so desperate for money that they would do that? Doesn't the company pay them enough? On that evidence, clearly not! I mean, if someone offered me 650 USD in return for going through the trouble of filling up a form, I wouldn't think it was worth my time. GoDaddy's employees, on the other hand... it was so easy it was like shooting phish in a barrel. (hur hur)

What GoDaddy needs to do

Well, as trollish as it was, GoDaddy had the right idea as to how to perform a phishing test. What they got wrong was the frequency. Their employees failed because obviously they weren't desensitized to this enough. The remedy to that is to conduct these tests so often that their employees will automatically start ignoring anything from the company that promises them money...

...I kid, OK? Un-bunch your knickers, honey. That was a joke.

Actually what GoDaddy should have done in the first place was assume that everyone falls for phishing scams, and just skip the test. Sign their employees up for training right off the bat. This way, they would have avoided a whole lot of embarrassment, hurt feelings and Twitter outrage.

Now that's a fine kettle of phish!
T___T
