Latest NewsEmployee relationsEmployee communicationsBonusesTrade unions

Rail staff falsely promised bonus in cyber security exercise

by Ashleigh Webber
by Ashleigh Webber Alex Daniels / Shutterstock.com
Alex Daniels / Shutterstock.com

A rail union has criticised West Midlands Trains for a ‘cynical and shocking stunt’ that involved sending out an email to employees that falsely promised bonuses, in an attempt to test their cyber security awareness.

On 21 April, the train operator sent 2,500 staff an email from ‘Finance and Payroll’ which thanked them for their hard work during the pandemic. It suggested they could expect a financial reward and a message of thanks from managing director Julian Edwards if they clicked on a link.

However, West Midlands Trains later revealed that it was a “phishing simulation test” which was designed by its IT team to test staff awareness of common email scam techniques.

Those who opened the email link later received an email from HR that read: “I am writing to confirm that this was a test designed by our IT team to entice you to click the link and used both the promise of thanks and financial reward to try and convince you to provide your details. This test was purposefully designed to closely mimic the tactics that, sadly, are being used on a daily basis by expert criminal organisations to try to gain access to company data and systems.”

The activity was described by the Transport Salaried Staffs’ Association (TSSA) as “totally crass and reprehensible behaviour”, given that employees had worked hard throughout the pandemic and the fact that one worker at the company has died and many others have fallen ill with Covid-19.

TSSA general secretary Manuel Cortes said: “This was a cynical and shocking stunt by West Midlands Trains, designed to trick employees who have been on the frontline throughout this terrible pandemic.

“They could and should have used any other pretext to test their internet security. It’s almost beyond belief that they chose to falsely offer a bonus to workers who have done so much in the fight against this virus.

“We need to know who sanctioned this email and we need an apology. Moreover, having fraudulently held out the prospect of a payment to staff, WMT must now be as good as their word and stump up a bonus to each and every worker.”

A West Midlands Trains spokesperson said: “We take cyber security very seriously, providing regular training on the subject and we run exercises to test our resilience.

“Fraud cost the transport industry billions of pounds every year. This important test was deliberately designed with the sort of language used by real cyber criminals but without the damaging consequences.”

HR business partner opportunities on Personnel Today

Browse more HR business partner jobs

Ashleigh Webber

Ashleigh is editor at OHW+ and HR and wellbeing editor at Personnel Today. Ashleigh's areas of interest include employee health and wellbeing, equality and inclusion and skills development. She has hosted many webinars for Personnel Today, on topics including employee retention, financial wellbeing and menopause support. Prior to joining Personnel Today in 2018, she covered the road transport sector for Commercial Motor and Motor Transport magazines, touching on some of the employment and wellbeing issues experienced by those in road haulage.

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

You may also like

Queen’s Speech: Exclusivity contracts for low-paid workers to...

Ikea France fined €1m for spying on staff

Goldman Sachs orders staff to disclose vaccine status

Could a blockchain health record help HR handle...

Employee surveillance: getting the balance right

Ensure workers have right to privacy when work...

Vaccination and data protection: What do employers need...

Seven key employment law cases from 2020

Uber sued for ‘automated’ dismissals

Victory for campaigners in face recognition case is...