GoDaddy sent out emails to their employees to test their internal technology security. The emails were not from an official or internal GoDaddy email address/domain, i.e. it was outside email designed to look like it was official company email. The email message promised employee bonuses but required employees to give out personally identifying information (stuff that should be secure) in order to get the bonus. Some employees happily surrendered the information to get money without verifying that the email was actually from GoDaddy thereby failing the security test that would ensure employees don't give out sensitive data to outside individuals. The employees that failed the test were then forced to attend mandatory technology security training to teach them not to do this again. The problem here is that GoDaddy made poor choices in their selection of the content of the email. The email was designed to look enticing to employees by saying they would get bonuses. While this is exactly the sort of thing a malicious outsider seeking sensitive information would do, GoDaddy chose poorly to use bonuses as bait during a tough economic time when people could really use the money. GoDaddy wasn't in the wrong necessarily, but they certainly didn't do anything positive for the morale of their employees by baiting with bonuses they will never see. It was a good technical test, but it was also a failure on employee trust and company morale. They left a bad taste in the mouths of their employees and I'm sure they will be mocked internally for years to come. No one will believe in bonuses being offered in the future due to this debacle. Sad.