A train company in the UK has been criticised after an email offering employees a monetary bonus turned out to be an anti-phishing warning instead.
West Midlands Trains emailed 2500 staff with a link to a message from Managing Director Julian Edwards, recognising the huge strain they'd been under and offering "a one-off payment to say thank you for all of your hard work over the past 12 months or so".
But anyone who clicked to find out how much they were getting were instead emailed by the HR Director telling them the bonuses didn't exist and they had clicked on a "phishing simulation test".
Phishing is an attempt to gain sensitive information or data from people by appearing to come from a trustworthy source and many companies undertake this type of security testing.
But invoking the pandemic and the sacrifices the workers made to keep the trains running has raised the ire of the union representing the workers, who have branded it "totally crass and reprehensible behaviour".
Manuel Cortes, General Secretary of the Transport Salaried Staffs' Association (TSSA), has asked for an apology for the "cynical and shocking" stunt, noting that a worker from the company had died from COVID-19.
"They could and should have used any other pretext to test their internet security. It's almost beyond belief that they chose to falsely offer a bonus to workers who have done so much in the fight against this virus," he said.
An apology appears unlikely, however, with a West Midlands Trains spokesperson telling the Guardian "we take cybersecurity very seriously. We run regular training and it's important to test your resilience."
"The design of the email was just the sort of thing a criminal organisation would use - and thankfully it was an exercise without the consequences of a real attack."
