GoDaddy Apologizes for “Insensitive” Bonus Fakeout Phishing Test

GoDaddy’s security has been under the microscope lately, with two high profile security incidents reported by Krebs On Security on November 21 and on March 31. I wrote about the first incident, which involved an account held by Escrow.com. With many employees working from home because of Covid-19, it has likely become a much more challenging task to ensure GoDaddy employees use best security practices to avoid being hacked or having systems or accounts compromised.

According to an article in The Copper Courier, GoDaddy tested its employees by deploying an email promising a holiday bonus, but it was really a phishing test in disguise:

According to the article, “roughly 500 GoDaddy employees clicked on the holiday bonus email and ‘failed the test.‘”

I am not a security expert, but I would imagine these types of tests are commonplace at large companies and can serve as a reminder to employees to be extra cautious when dealing from emails that appear to be sent from official sources. Perhaps the security issues the company faced were caused by phishing or spearphishing, and the company is making an effort to keep employees vigilant at all times.

Many people are dealing with economic uncertainty due to the pandemic, so a bonus fakeout phishing test during this time is a bit cruel though. That said, I would imagine this is exactly the type of email a bad actor might send to try and gain access to GoDaddy systems and accounts.

I asked a GoDaddy representative if the company could comment about what happened, and I was told an apology was given to employees:

“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized. While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.”

Security is one of the top factors for domain registrants when choosing a registrar and hosting service. I don’t know the right way to ensure that employees are following security protocols, but this particular effort was not appreciated. It is a bit scary that 500 employees fell for the ruse though.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

7 COMMENTS

  1. How funny! This coming from a company that does not have an ssl certificate on namefind.com site unsecure, and 2fa is not on afternic LOL. What else do they do advertise mediaoptions domain for sale on godaddy for 500 min offer and 1000s of other names that are not for sale. Could give you at 10 more things but it not go time and bye bye time. 🙂

  2. This reflects very poorly on GoDaddy.

    While I understand tests like this do make sense as GoDaddy has had some security and social engineering incidents over the years, this was a pathetic way to do this.

    How about actually giving your employees a bonus?

    Brad

  3. Its not really in poor taste. I mean they are employees. Did they their pay decrease during the pandemic or are they earning based on commissions? If so then yeah, poor taste, if not then how has the pandemic affected them? Just another sign the current zeitgeist is too sensitive in my opinion…and I hate Godaddy.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Have a Real Presence Online When Selling Domain Names

0
When it comes to selling domain names via outbound marketing, credibility is very important. If a prospective buyer receives an unsolicited and unexpected email...

2021 vs 2025 – % of .coms in my Portfolio

1
I don't closely track the percentage of domain extensions in my portfolio. I could have 75% .com or I could have 99% .com domain...

Nominations Open for 2026 ICA Awards

0
The Internet Commerce Association (ICA) is now accepting nominations for two domain investing community awards. Domain investors may now submit their nominations for the...

Bodis Gives Performance Update After Google Parked Domain Opt-Out

3
Bodis sent an update to customers yesterday about recent performance impacts related to pay per click parking revenue. The company attributed the decline to...

Glad This Sale Wasn’t an LTO

0
Sometimes, the most obvious use for a particular domain name is in a manner that would either be offensive, controversial, or negative. This will...