It is important to be continuously testing your cybersecurity defences, and testing your staff to be able to recognise phishing emails is a good idea to help identify weaknesses. However, a UK train firm has come under fire from unions for a slightly tactless way of testing their workers.
BBC News reports that West Midlands Trains emailed around 2,500 employees with a message purporting from being from managing director Julian Edwards, thanking them for their hard work over the past year, and to promise a bonus to workers who had kept the trains running throughout the pandemic.
The email said they would get a one-off payment as a thank you, but those who clicked through on the link to read the thank you message and for more details were then emailed back to inform them that it was a company-designed ‘phishing simulation test’, and that there was no bonus.
It warned: “This was a test designed by our IT team to entice you to click the link and used both the promise of thanks and financial reward.”
The Transport Salaried Staffs’ Association (TSSA) union general secretary, Manuel Cortes, said it was ‘crass and reprehensible’, particularly given that one West Midlands rain worker had died from COVID-19, and many others had been ill with the virus.
“This was a cynical and shocking stunt by West Midlands Trains, designed to trick employees who have been on the frontline throughout this terrible pandemic – ensuring essential workers were able to travel,” he said.
He said that the transport firm must now be held to account for their behaviour and that they should pay a real bonus to help make amends.
“Our members have made real sacrifices these past 12 months and more. Some WMT staff have caught the disease at work, one has tragically died, and others have placed family members at great risk,” he said.
A West Midlands Trains spokesperson said: “We take cybersecurity very seriously. We run regular training and it’s important to test your resilience.
“The design of the email was just the sort of thing a criminal organisation would use – and thankfully it was an exercise without the consequences of a real attack.”
If you’re looking for IT support and services in Doncaster, get in touch today.