A train company has come under fire for emailling 2,500 staff to say they were in line for a bonus – only to reveal later it was actually a cybersecurity test.
West Midlands Trains (WMT) told staff they would receive a financial reward thanks to their “hard work” during the coronavirus pandemic.
Recipients were invited to click on a link for “information of your one-off payment”.
But the company sent a further email to those who opened the link, explaining that “this was a test designed by our IT team”.
The original message was designed to “closely mimic the tactics that, sadly, are being used on a daily basis by expert criminal organisations to try to gain access to company data”, the follow-up message stated.
The Transport Salaried Staffs’ Association (TSSA) trade union claimed the promise of a bonus was sent to 2,500 members of staff, and condemned the the move as a “cynical and shocking stunt”.
Manuel Cortes, the union’s general secretary, said: “This was a cynical and shocking stunt by West Midlands Trains, designed to trick employees who have been on the front line throughout this terrible pandemic, ensuring essential workers were able to travel.
“The company must now account for their totally crass and reprehensible behaviour.
“They could and should have used any other pretext to test their internet security.
“It’s almost beyond belief that they chose to falsely offer a bonus to workers who have done so much in the fight against this virus.
“Our members have made real sacrifices these past 12 months and more.
“Some WMT staff have caught the disease at work, one has tragically died, and others have placed family members at great risk.
“We need to know who sanctioned this email and we need an apology.
“Moreover, having fraudulently held out the prospect of a payment to staff, WMT must now be as good as their word and stump up a bonus to each and every worker.
“In that way the company can begin to right a wrong which has needlessly caused so much hurt.”
A spokesman for WMT, the parent company of West Midlands Railway and London Northwestern Railway, said: “We take cybersecurity very seriously, providing regular training on the subject and we run exercises to test our resilience.
“Fraud cost the transport industry billions of pounds every year.
“This important test was deliberately designed with the sort of language used by real cyber criminals but without the damaging consequences.”
This article originally appeared on HuffPost UK and has been updated.