West Midlands Railway says it regularly conducts such cybersecurity audits.

British railroad company West Midlands Trains (WMT) was criticized for a “cynical and shocking stunt” after it sent an email to its employees promising a bonus, which was actually a cybersecurity test of the system.

WMT sent emails informing its employees that they will receive financial rewards for their “hard work” during the coronavirus pandemic.

However, when the delighted workers went to the proposed link to find out the details of the future award, they received a second message, which explained that the previous message was only a “system check”.

The railroad union called the company's behavior “rude and reprehensible.”

• Hackers have already attacked hospitals and pharmaceutical companies. But things could get worse
• As a result of a hacker attack, the data of 9 million EasyJet passengers were stolen
• Unknown hackers stole data on new coronavirus vaccines
• Cologne resident fell for Elon Musk's fake tweet and lost more than 500 thousand dollars

The first email was designed to mimic phishing, a tactic used by cybercriminals to gain access to a company's database, WMT said.

In response, Transport Workers' Union General Secretary (TSSA) Emanuel Cortez said the firm could have done it any other way and called on WMT to apologize and indeed pay bonuses to workers who “have donated a lot in the past 12 months.”

“Thus, a company that thoughtlessly caused such suffering could begin to make amends,” he stressed. According to the TSSA union, false bonus alerts were sent to 2,500 workers.

Meanwhile, the company says it takes cybersecurity issues very seriously and conducts inspections on a regular basis.

“This important check deliberately used the type of messages that are sent by real cybercriminals, but without causing real harm,” – said a spokesman for WMT.

Cyberattacks against various companies have been gaining momentum lately, and their consequences can be very costly and even disruptive to business. Not surprisingly, many employers want their employees to be on the alert and not fall for the bait of hackers sending out fake SMS and emails.

However, cybersecurity experts warn that inspections should be very careful so as not to cause psychological trauma to employees and not distract attention from compliance with real safety.