[News] New phishing test—fake bonuses
Delighted West Midlands Trains U.K. employees received a thank-you message and the offer of a bonus for running trains during the pandemic. To get the bonus, they just had to click a link. Unfortunately, the message, signed by their Managing Director, was false.
The company message sent to those who clicked on the bonus link told them this “cybersecurity test” mimicked a phishing attack and that by clicking, they had failed the test.
Train union leader Manuel Cortes described the email as “crass and irresponsible,” adding “it’s almost beyond belief that they chose to falsely offer a bonus to workers who have done so much in the fight against this virus.”
It’s not the first time fake bonus tests like these have gone into circulation during the pandemic. In the United States, just before Christmas, GoDaddy sent its employees a similar fake bonus message for all the extra work they’d put in during the pandemic. As online sales of website products surged for GoDaddy, so did the outrage on Twitter and among their employees.
The company responded by holding a town hall at which GoDaddy employees called the cybersecurity stunt “tone-deaf.” Just months before, the company announced widespread layoffs, including in the Arizona office, which sent the holiday bonus message.
In the same year, in September, the publishing company behind the Chicago Tribune dangled a phishing test bonus in front of employees soon after shutting down their newsrooms, laying off staff, and cutting salaries due to the pandemic. Tribune employees were furious and took to social media, demanding those responsible be fired. The company later apologized and called the email “misleading and insensitive.”
Phishing reply tests are designed to catch employees who are most likely to fall for a fake email. The key to writing a good one is that employees see it as coming from someone they trust. The goal is to make employees more suspicious, but if a test is handled poorly, the only real effect of such emails is to leave the internal public relations team in crisis.
In other news
‘Dogefather’ coin dives after Musk appears on Saturday Night Live. Last week we reported on the astonishing rise in the value of meme cryptocurrency DogeCoin. We waited — with bated breath — for the appearance of the self-styled ‘Dogefather’ Elon Musk to host Saturday Night Live. Those hoping for Elon Musk’s appearance to improve the valuation of Dogecoin were disappointed. This might have been due to a hilarious comedy sketch calling Dogecoin ‘a hustle’ — crypto markets not finding things quite so funny.
A majority of Apple’s mobile users opting out of tracking. We also reported on Apple’s new automatic tracking opt-out for mobile users. It turns out, only 4% of U.S. Apple users want to be tracked. Worldwide, the figure is slightly higher for its iOS 14.5 update at 12%. The feature is proving extremely popular with everyone apart from Facebook, who’ve taken out a paper advert claiming the tracking opt-out “will limit businesses’ ability to run personalized ads and reach customers effectively.” Kind of the point, really.
Google celebrates World Password Day with 2FA. 2FA is becoming the password authentication tool of choice. In honor of World Password Day, Google is to turn on 2FA by default, calling it 2FV. The Google system combines something you have (e.g. your phone) with something you know (like your PIN code or fingerprint). You can opt out of the new 2FV, but for now, it’s the default.
Pipeline shut down due to cyberattack. Last Friday, Colonial Pipeline, a company that provides 45% of all fuel consumed on the U.S. East Coast, fell victim to a ransomware attack. According to the FBI, a Russian hacker group gained access to the company’s IT resources at their main plant, causing the company to shut down the pipeline as a precaution. Although the company restarted the pipeline on Thursday, it may take several days for regular supplies to reach states affected by the shutdown. In the meantime, the temporary shortage of fuel continues to cause long lines at gas stations and widespread gasoline panic-buying and hoarding. Such hoarding led to a Hummer catching on fire in Florida, and even prompted U.S. officials to issue warnings against placing gasoline in unapproved containers.
Tip of the week
In a week of news that feels a bit like the hokey pokey — you can opt into adverts, be auto-opted out by Apple, be auto-opted in by Google to 2FA — you always know where you stand with Namecheap. Make sure you bring all your dreams to life and buy a domain from us. As your domain registrar, we champion Internet freedom and high standards for privacy on the Internet.