If you’ve recently received an email from a renowned company asking you to disclose your personal information, such as your credit card or login details, you may have just fallen victim to a test by your employer. More and more frequently, companies are testing their employees to find out who would fall for a phishing email scam. Below, we’ll discuss some of the most prominent companies that have sent out these fake phishing emails, how they did it, how their employees responded, and how many of them fell for it. Check it out to gain insights regarding this phishing email test for employees!
Which Companies Have Done the Phishing Email Test for Employees?
West Midlands Trains
One of these phishing tests came from West Midlands Trains, a railroad operator in the UK. The company sent out an email to 420 employees in management roles. The email contained a link telling employees that they would receive a bonus for working hard despite the struggles brought about by the COVID-19 pandemic.
However, those who clicked on the link found out that they wouldn’t receive anything. It was just a test of their resistance to scammers. While the company considered this a training for its employees to protect themselves against hackers and scammers, the latter did not take it positively.
Most employees were furious about it and demanded an apology. The pandemic itself was already emotionally and financially draining to them, so a stunt like this wasn’t beneficial to their situation. A labor union representative also pointed out that instead of sending fake phishing emails, companies should adopt a more effective approach, like installing software that protects against ransomware or blocking phishing emails.
GoDaddy, a web hosting provider, also sent fake phishing emails to its employees. In the email, they promised that their employees would receive a Christmas bonus worth $650. They just had to fill out the form provided and enter their personal information.
Hoping to get their Christmas bonuses amid the coronavirus pandemic, about 500 GoDaddy employees clicked on the link. However, after two days, they received another email informing them that they failed the company’s phishing test. The employees were then infuriated with the company’s stunt.
While GoDaddy sent the fake emails with good intentions, the company understood why the employees were disappointed with their actions. After acknowledging that the phishing test was insensitive, they apologized to their employees.
Tribune Publishing, the owner of the Chicago Tribune and The Baltimore Sun, also sent out fake emails to their employees as a cybersecurity test. In the email, employees were informed that they would get bonuses ranging from $5,000 to $10,000.
Looking like an official announcement from the company’s HR department, the email had the subject line “Executive bonuses – Confidential.” The company said that the bonus was their way of thanking employees for their commitment and excellent performance. They also shared that the bonus was made possible because of the continued efforts to cut down on costs.
Then, they asked employees to log in to see their respective bonuses. Employees were also given the option to have the amount partially deposited into Tribune Publishing’s retirement savings program. However, these bonuses didn’t exist. They were instead taken to a page informing them that it was just a phishing test with reminders about company rules and staying cautious against online scammers.
The employees, however, were unhappy with the phishing test. They considered the act insensitive and disrespectful. In the end, Tribune Publishing issued an apology for sending out the fake bonus offers. They acknowledged that the email was indeed misleading.
Pinnacle Financial Partners
Pinnacle Financial Partners, a bank based in Nashville, Tennessee, also used phishing tests as a security test. Every quarter, employees would receive these fake emails, and the company would send the results to their audit committee as well as the board of directors. These emails would tell employees that their accounts would be locked because of unusual activities.
If you clicked on the link you’d see a message saying that it was just a fake phishing email. Some tips were also provided to help the employee detect suspicious messages from scammers. Those who clicked on the link regretted doing so and wondered how they missed it.
While it seems that the test had been received positively, big internet companies, like Microsoft and Google, think that it’s best to provide a verification system that wouldn’t allow scam artists to impersonate businesses through emails in the first place.
Phishing Scams: Stay Alert With Social Catfish
The phishing email test for employees often include promises of a bonus, which will only disappoint you in the end. However, as phishing scams continue to rise, take note of these common stories and tactics that real scammers use. To learn more about different types of scams online, visit our page.
No sales pitches, no games, and one-click unsubscribe.
Who We Are
Social Catfish is an online dating investigation service based in California, USA. We verify information to confirm if the person that you've met online is really who they say they are.
What We Do
We do in depth checks using our own proprietary online tools to verify things like images, social profiles, phone numbers, emails, jobs and a lot more to make sure that you have the most information about the person that you've met online. We are the only company doing verification of public information such as jobs, phone numbers criminal checks as well as social profiles and images.
If you want to be aware of the latest news and catfish stories, subscribe to our newsletter!
Disclaimer: You may not use SocialCatfish.com or the information we provide to make decisions about consumer credit, employment, insurance, tenant screening, or any other purpose that would require FCRA compliance. SocialCatfish.com does not provide consumer credit reports and is not a consumer credit reporting agency. (These terms have special meanings under the Fair Credit Reporting Act, 15 USC 1681 et seq., ("FCRA"), which are incorporated herein by reference.) While we do pride ourselves on our thoroughness, the information available on our website or that we provide at times may not be 100% accurate, complete, or up to date, so do not use it as a substitute for your own due diligence, especially if you have concerns about a person's criminal history. SocialCatfish.com does not make any representation or warranty about the character or the integrity of the person, business, or entity about which you inquire, or the information available through our website or that you receive from us or any or our representatives.