‘Despicable behaviour’: UK train company lambasted over online cyber-security ‘test’ falsely promising bonus for employees

A UK transport union has lashed out at West Midlands Trains for causing “so much hurt,” after the operator promised staff a bonus for “hard work” during the Covid pandemic, before revealing it was a “phishing simulation test.”

In a Twitter post on Tuesday, Manuel Cortes, general secretary of the Transport Salaried Staffs’ Association (TSSA) union, said the private-sector train operator’s behaviour was “despicable” and a “cynical and shocking stunt.”

According to the union, West Midlands Trains (WMT) emailed 2,500 of its staff on April 21 thanking them for their “hard work” during the pandemic and promising workers a one-off payment.

When the employees clicked on a link provided in the email, however, they received an additional message saying they would not be receiving a bonus and that the email was in fact a “phishing simulation test.”

“This was a test designed by our IT team to entice you to click the link and used both the promise of thanks and financial reward,” the message said.

WMT said they aimed to test the staff’s “resilience” by mimicking tactics used by criminal organisations to get personal data from employees and companies.

Cortes called on the train operator to apologise and offer bonuses to staff anyway, in order to “begin to right a wrong which has needlessly caused so much hurt.”

The tactic employed by WMT has divided Twitter users, with some slamming it as an “incredibly callous, backslapping stunt,” while others justified it, as it was exactly the kind of tactic “scammers would use.” 

The railway firm was also criticized for using the pandemic as a way to push people’s emotional buttons at a time of already heightened stress.

Like this story? Share with a friend!