Tribune apologizes for cruel prank on newspaper reporters

As part of a cyber security test, the newspaper publisher told employees by email they qualified for bonuses that didn't exist.
The logo of Tribune Publishing. (Graphic: The Desk)

Executives at Tribune Publishing have apologized to reporters, editors and subordinates working at local newspapers across the country after the company’s information technology department sent an email fraudulently claiming those employees had earned thousands of dollars in bonuses that did not exist.

The email sent on Wednesday was part of a simulated phishing test that was intended to measure the cybersecurity readiness of Tribune Publishing employees.

“We are pleased to inform you that we are providing targeted bonuses between 5,000 and 10,000 dollars this year,” the email said, adding that the company was able to provide the bonuses due to cost-cutting measures.

Employees were then asked to enter their credentials at a website that was linked in the email. Once clicked, employees were re-routed to a webpage absconding them for clicking an unverified link in an email and reminding them of three “rules to stay safe online.”

Naturally, the email did not sit well with reporters, editors and other employees who are survivors of Tribune Publishing’s cost-cutting measures over the years that included the layoffs of veteran journalists, the elimination of certain benefits and a reduction in salaries and bonuses paid.

After slashing our staff, closing newsrooms, furloughing reporters and cutting pay during a pandemic, [Tribune] thought a neat little way to test our susceptibility to phishing was to send a spoof email announcing large bonuses,” Justin Fenton, a crime reporter for the Tribune-owned Baltimore Sun, wrote in a tweet. “Fire everyone involved.”

No one has been fired, and the move was defended in a pseudo-apology issued by the company on Thursday, though executives noted they could have gauged their cyber readiness differently.

“Based on input provided by the company’s cyber security team and advisors, the content of the test included language regarding employee bonuses. Having fallen victim to attacks of this nature before, the company recognized that bad actors use this type of language regularly, and [so it] decided to use the language to simulate common phishing scams,” a company statement read.

The statement went on to say that the company “had no intention of offending any of its employees.”

“In retrospect, the topic of the email was misleading an insensitive, and the company apologizes for its use,” Tribune said.

Thanks for reading and supporting The Desk. If you have a question, comment or news tip, send a message by email or text, or connect on Facebook, Twitter or LinkedIn.

Also, check out our new membership service The Desk: Pro Access for exclusive reporting, news scoops and in-depth analysis.