GoDaddy wins our 2020 award for most evil company email

We recently got an email from our IT security department with a general warning about phishing emails. It said the usual, be suspicious, check the sender, and not to click on links, etc. At the end of the email, it then said, "if you suspect you've received a phishing email, report it to us by clicking the link below".

An hour later, they had to send a follow-up clarifying that it wasn't a test, because everyone had emailed them back pointing out the irony. Then everyone kept trolling them on MS Teams by refusing to believe them, "Are you sure you're our IT department?" :D
 
Guess it depends on how much the ruse looked legit.

If it came from, say, the HR manager's internal email account and was very close to the sort of thing employees would expect, then it's defo cruel.

If it was sent from a spoof address or had some sort of faked telltale that you'd spot if you were on the lookout for a real scam, then I guess it's fair.

My golden rule is I'll never click an in-email link and navigate to the same place externally (e.g. if it says "click to access your paypal account" I'll go to PayPal via another route).

Only exception is when it's something I'm expecting to get, like a password reset or a contextual part of a conversation with a trusted contact.
 
GoDaddy is quite possibly one of the scummiest companies I've ever dealt with. I'd rather not have a website than use them.
 
If the email was genuine they wouldn't need to provide any personal details in order to receive the bonus. Also not sure what difference it makes being from a GoDaddy domain, because anyone can register one and send out such an email. I don't see how it's cruel either; the only people who got their hopes up were people in need of the training, and those people should probably be thankful they haven't just had their bank accounts emptied.
 
Regardless of what domain it came from, if you read the email and think about it for a minute, it is a pretty stupid email.

Why would you need to sign up for a company bonus?
Why does the company who pays you and has your details on record need you to fill out a separate form with all these details?

I guess end of the year people tend to relax and switch their brains off.

This^^^^^^^^

We get these all the time at work and yet people still click on links, download attachments and provide information. Nothing wrong with this at all, and it must be a slow news day at The Verge? Generally the only people that get enraged about these are people stupid enough to fall for them.

We've had idiots in our call centre download ransomware on a regular basis "disguised" as an invoice, considering they would never receive or deal with an invoice. Fortunately it's always been caught before it's done any damage.
 
Why would you need to sign up for a company bonus?
Why does the company who pays you and has your details on record need you to fill out a separate form with all these details?

I guess end of the year people tend to relax and switch their brains off.

Plenty of companies, especially larger ones, have fragmented internal systems - where I work now for instance I have to separately fill out details regarding dividend payments, pension stuff, etc. despite the company having my details :(

We've had idiots in our call centre download ransomware on a regular basis "disguised" as an invoice, considering they would never receive or deal with an invoice. Fortunately it's always been caught before it's done any damage.

Best one for me was working for a company where one of the IT guys was always looking down on people when it came to IT stuff, berating people about security practices, etc. One day for some reason he connected his personal laptop to the closed production system to install a printer driver and infected the system with malware from his own laptop... I was there when the penny dropped and he realised where it had come from...
 
Best one for me was working for a company where one of the IT guys was always looking down on people when it came to IT stuff, berating people about security practices, etc. One day for some reason he connected his personal laptop to the closed production system to install a printer driver and infected the system with malware from his own laptop... I was there when the penny dropped and he realised where it had come from...

Hahaha served him right! I hope he got stick for it hehe
 
Plenty of companies, especially larger ones, have fragmented internal systems - where I work now for instance I have to separately fill out details regarding dividend payments, pension stuff, etc. despite the company having my details :(

Sounds like they need to join the 21st Century and move away from paper-based systems. While they are digitising their records they could upgrade from MS-DOS at the same time. :p
 
also not sure what difference it makes being from a GoDaddy domain because anyone can register one and send out such an email.
So you can go buy google.com and googlemail.com, microsoft.com etc. and get scamming? Good luck with that.. you might be able to get @microsoft.rom or something which no one will fall for
 
perfectly good, anyone can fake a real domain we do it at work all the time

Indeed. Spent a lot of my time looking at headers.

Over my years of working in IT I'm still shocked at how bad some companies are with email setup in regards to lack of or badly implemented SPF, DMARC and DKIM. SPF really gets on my ****, there's no reason really to have SPF set to soft fail unless in a migrationary stage, hard fail them baby!
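
An added example, not part of the thread: the soft-fail versus hard-fail distinction from the post above, checked in Python over constructed SPF and DMARC TXT records for the placeholder domains example.com and example.org. The function names are hypothetical, records are parsed from strings rather than fetched from DNS, and DKIM is left out because checking it needs a selector and a signed message.

```python
import re

# SPF qualifiers on the "all" mechanism (RFC 7208): the verdict for any
# sending host that the rest of the record does not list.
SPF_ALL = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass"}

def spf_all_policy(txt):
    """Verdict of the record's 'all' mechanism, or None if there is none.
    include: and redirect= targets are not followed in this sketch."""
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return SPF_ALL[m.group(1) or "+"]  # a bare "all" means "+all"
    return None

def dmarc_policy(txt):
    """Value of the p= tag (none, quarantine or reject), or None."""
    parts = (part.partition("=") for part in txt.split(";"))
    tags = {k.strip().lower(): v.strip().lower() for k, _, v in parts if k.strip()}
    return tags.get("p") if tags.get("v") == "dmarc1" else None

def audit(spf_txt, dmarc_txt):
    """List the weak settings in one domain's SPF and DMARC TXT records."""
    findings = []
    spf = spf_all_policy(spf_txt or "")
    if spf is None:
        findings.append("SPF: no v=spf1 record with an 'all' mechanism")
    elif spf != "hardfail":
        findings.append(f"SPF: all is '{spf}', unlisted senders are not failed")
    dmarc = dmarc_policy(dmarc_txt or "")
    if dmarc is None:
        findings.append("DMARC: no valid record")
    elif dmarc == "none":
        findings.append("DMARC: p=none requests no action on failures")
    return findings

# Constructed sample records for placeholder domains (not real DNS data).
SAMPLES = {
    "example.com": ("v=spf1 include:_spf.example.net ~all", "v=DMARC1; p=none"),
    "example.org": ("v=spf1 mx -all", "v=DMARC1; p=reject; adkim=s"),
}

if __name__ == "__main__":
    for domain, (spf_txt, dmarc_txt) in SAMPLES.items():
        print(domain, audit(spf_txt, dmarc_txt) or "ok")
```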
 
My golden rule is I'll never click an in-email link and navigate to the same place externally (e.g. if it says "click to access your paypal account" I'll go to PayPal via another route).

This is what I keep telling people, don't click links in email. In fact - I think Microsoft and other clients should strip links permanently for security so you can't click them.

So you can go buy google.com and googlemail.com, microsoft.com etc. and get scamming? Good luck with that.. you might be able to get @microsoft.rom or something which no one will fall for

Plenty of people would fall for domain scam emails, happens all the time. The last one I heard of was some admin paid a large invoice to a company because the scam email address looked just like the company's, with even a real email footer, so it appeared to be genuine. If only she checked first with finance.


Over my years of working in IT I'm still shocked at how bad some companies are with email setup in regards to lack of or badly implemented SPF, DMARC and DKIM. SPF really gets on my ****, there's no reason really to have SPF set to soft fail unless in a migrationary stage, hard fail them baby!

I think in this day and age email for a business should be treated at a super high priority. If it's not hosted with either Google or Microsoft and on just a standard web host it shouldn't be run at all. Same with data. Any business still running their email on a web host shouldn't deserve to run it at all. I mean for what it costs even for a small business it's worth implementing the costs for security alone.
 
Regardless of what domain it came from, if you read the email and think about it for a minute, it is a pretty stupid email.

Why would you need to sign up for a company bonus?
Why does the company who pays you and has your details on record need you to fill out a separate form with all these details?

I guess end of the year people tend to relax and switch their brains off.

This. Even when I get scam emails that look like they've been put together by an adult with an IQ > 80 (which is rare), there's nearly always some dead giveaway that it's not genuine just based on the narrative given by the email.
 