Image by Geralt via Pixabay / Futurism

The Virginia marketing agency ICF Next gave its staff a cybersecurity pop quiz in perhaps one of the least sensitive ways possible: by dangling coronavirus vaccines in front of them as bait.

ICF Next leadership sent out an email to staff claiming that the company had partnered with CVS pharmacy to secure COVID-19 vaccines for all of its employees, according to Adweek. At the end of the email was a signup link which, perhaps unsurprisingly, many of the employees clicked on.

“Great News!!!” the email began. “We are pleased to announce that ICF, in cooperation with CVS pharmacies, will be offering COVID19 vaccinations to employees beginning March 18. We have procured enough doses for the entire US-based staff but it won’t all be available at once.”

But oops! The email was a test meant to imitate a phishing attempt. Instead of a lifesaving vaccine, employees were awarded a stern talking-to about the value of cybersecurity and constant digital vigilance.

Needless to say, employees were pretty miffed about the whole experience, some told Adweek. It’s not hard to see why. Sure, these mock hack attempts need something tempting in order to trick people into clicking. But after a year-plus of living through a pandemic, maybe ICF Next could have just sent a friendly reminder to scrutinize and avoid clicking on suspicious links? Who’s to say.

In response to the outcry, ICF Next leadership kind of half-apologized by noting that the email “might have been especially disheartening,” but then doubled down on the original exercise by urging employees to be more careful about clicking links in the future.

Here’s the statement ICF Next gave to Adweek:

“This email was part of a routine program we run to keep our people and networks safe from attacks. Phishing and malware attackers are now using sensitive topics more and more to draw people in. However, putting the matter of safety aside, we recognize that the use of sensitive topics can lead to an emotional response. We will certainly keep this in mind moving forward and will review the third party we use to manage this program.”