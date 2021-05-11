Union fury at 'shocking Covid bonus' phishing test

By on
Union fury at 'shocking Covid bonus' phishing test
Credit: WMT Facebook.

Simulated security exercise backfires.

A British trade union is demanding an apology from the West Midlands Trains rail company for running a phishing readiness test disguised as a bonus payment reward for staff that worked through the Covid-19 pandemic.

The Transport Salaried Staffs' Association (TSSA) published the text of the phishing email, which was made to look like it was sent from West Midlands Trains' (WMT's) "Finance and Payroll department."

Staff were told they would be offered a one-off payment "to say thank you for all of your hard work over the past 12 months or so" and encouraged to click on an Microsoft Office 365 link that would lead to a personal message from WMT managing director Julian Edwards.

Instead, the link went to a Sharepoint website which contained a simulated phishing exercise set up by Microsoft for WMT.

Employees who clicked on the link in the phishing message then received an email from WMT human resources telling them to be aware of communications that asked staff for login credentials.

A furious general secretary of the TSSA, Manuel Cortes, issued a strongly worded statement, accusing West Midlands Trains of "deliberately tricking their employees" using the pandemic, to test IT security.

Slamming the test as totally crass and reprehensible behaviour, Cortes pointed out that one railway worker has died of Covid-19, with many others falling ill.

Cortes called on WMT to apologise for the test, and make good on the promise in the phishing email and "stump up a bonus to each and every worker".

Simulated phishing attacks are meant to raise IT security awareness with staff.

They are controversial, and have backfired on numerous occasions, like in December last year when domain name seller GoDaddy sent out an email promising a US$650 holiday bonus for staff.

The phishing test exercise sparked a social media backlash against GoDaddy, and drew attention to the company's data breaches in recent times.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
microsoft security training & development tssa west midland trains

Sponsored Whitepapers

Customer Identity and Access Management for Dummies
Customer Identity and Access Management for Dummies
Empowering workforces in the new environment
Empowering workforces in the new environment
Is the technology refresh dead?
Is the technology refresh dead?
DevSecOps: A framework for digital innovation
DevSecOps: A framework for digital innovation
Encryption: Protect your most critical data
Encryption: Protect your most critical data

Events

Most Read Articles

NBN Co already wants to upgrade some FTTC users to full fibre

NBN Co already wants to upgrade some FTTC users to full fibre
NBN Co sees large jump in 250Mbps, gigabit users

NBN Co sees large jump in 250Mbps, gigabit users
Starlink satellite internet service gets 500,000 preorders

Starlink satellite internet service gets 500,000 preorders
John Holland breaks first ground on three-year digital transformation

John Holland breaks first ground on three-year digital transformation

Log In

Email:
Password:
  |  Forgot your password?