This "phishing" test stinks. From the head down.
By on Posted in Cybersecurity

Pee-yew.

A major media company, like a lot of media employers these days, has been facing difficult economic times and has had furloughs, pay cuts, and buyouts.

So the surviving employees were tickled pink when they received an email saying they were going to receive bonuses of $5,000 to $10,000 because the company's austerity measures had been so successful.

All they needed to do was click on the link and enter their passwords.

OK, that is bad. Allow me to make it worse. This wasn't even a cybercriminal. The employer had chosen this message to use as a test "phishing" email.

You know about those, right? Many employers periodically send out a fake "phishing" email. The link is really safe, so no harm done if a gullible employee clicks on it, and it's a good way for employers to determine how much cybersecurity education their employees need. As the government of the State of Michigan found out a few years ago (scroll down to No. 3).

But it's not very nice to have the fake phishing email mislead employees about sensitive topics, like their flippin' pay. And according to Twitter (so it must be true!), a different company once sent a fake phishing email telling employees they'd been fired.

What???????

That's even worse than a fake promise of a bonus!

Anyway, the employer who promised the bonus did publicly apologize, so that was good. And the Founder and CEO of cybersecurity company KnowBe4 wants you to know that his company had nothing to do with the content of this phishing expedition.

TAGS: Cybersecurity, HR, Phishing
Facebook Twitter/X Linkedin Email
  • Smiling older woman with short gray hair and glasses, wearing a dark gray cardigan over a black top and a beaded necklace, with arms confidently crossed. She has a warm, approachable demeanor and a professional presence against a transparent background.
    Robin E. Shea
    Of Counsel & Chief Legal Editor
    336.721.6854 |

    Robin also conducts internal investigations and delivers training for HR professionals, managers, and employees on topics such as harassment prevention, disability accommodation, and leave management.

    Robin is editor in chief ...

    More from Robin: Full Bio | Contact Author | LinkedIn | Blog Posts

This is Constangy’s flagship law blog, founded in 2010 by Robin Shea, who is chief legal editor and a regular contributor. This nationally recognized blog also features posts from other Constangy attorneys in the areas of immigration, labor relations, and sports law, keeping HR professionals and employers informed about the latest legal trends.

Search

Get Updates By Email

Subscribe

Archives

Legal Influencer Lexology Badge ABA Web 100 Badge
Jump to Page

Constangy, Brooks, Smith & Prophete, LLP Cookie Preference Center

Your Privacy

When using this website, Constangy and certain third parties may collect and use cookies or similar technologies to enhance your experience. These technologies may collect information about your device, activity on our website, and preferences. Some cookies are essential to site functionality, while others help us analyze performance and usage trends to improve our content and features.

Please note that if you return to this website from a different browser or device, you may need to reselect your cookie preferences.

For more information about our privacy practices, including your rights and choices, please see our Privacy Policy. 

Strictly Necessary Cookies

Always Active

Strictly Necessary Cookies are essential for the website to function, and cannot be turned off. We use this type of cookie for purposes such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. 

Functionality Cookies

Always Active

Functionality Cookies are used to enhance the functionality and personalization of this website. These cookies support features like embedded content (such as video or audio), keyword search highlighting, and remembering your preferences across pages—for example, your cookie choices or form inputs during submission.

Some of these cookies are managed by third-party service providers whose features are embedded on our site. These cookies do not store personal information and are necessary for certain site features to work properly.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek