Union demands answers after company apologizes for “misleading and insensitive” email that offered fake bonuses amid pandemic furloughs, newsroom shutdowns and pay cuts

By Julie Reynolds

A test to see whether Tribune Publishing employees would fall for an email “phishing” scam went south fast on Wednesday, and now union representatives are demanding an apology for the “cruel” trick as well as answers from the company’s CEO.

On Thursday, a joint letter sent to Tribune CEO Terry Jiminez by nine NewsGuild bargaining units demanded an apology for the letter. Noting that an apology had been sent yesterday to try to justify the letter, the unions stated that “nothing could excuse the hurt it caused. We’re waiting.”


Letter to Tribune CEO Terry Jimenez. Click to enlarge.


The controversy began when employees checking their email Wednesday saw a message that appeared to come from Tribune management.

“We are pleased to inform you that we are providing targeted bonuses between 5,000 and 10,000 dollars this year,” the message read. “Tribune Publishing is able to provide this bonus as a direct result of the success created by the ongoing efforts to cut our costs!

“We want to thank you for your ongoing commitment to excellence at Tribune Publishing, and to congratulate you on your outstanding performance!”

Staff were asked to click through to a link to see how much their bonus would be.

It was a welcome gesture from a company that has spent the past year cutting salaries, putting workers on unpaid furloughs, and even shuttering newsrooms after defaulting on lease payments since April.



But any employee who clicked through got this message from a third-party testing service called KnowB4: “Oops! You clicked on a simulated phishing test!”




The only glaring clue the message might be fake was in the misspelled salutation, which read “Congradulations Executives!!”

Outrage erupted all over social media Wednesday, especially on Twitter, with some calling for firing those who made the decision to send the message.

Vice quickly ran a story headlined “Tribune Publishing Out-Evils Itself With Phishing Email Promising Bonuses,” and the Washington Post also wrote about it.

Companies sometimes conduct phishing tests on employees to try to discover whether staff might be vulnerable to malware and other online attacks. But the premise of this one came across as highly offensive after Tribune staff endured permanent pay cuts and unpaid summer furloughs.

“Gone phishing,” Chicago Tribune reporter Angie Leventis Lourgos  tweeted on Thursday. “Taking a 20-minute lunch break to contemplate how some companies actually reward employees with bonuses, while others taunt them with the idea via egregiously insensitive cyber security schemes.”

The budget-slashing hedge fund Alden Global Capital, which owns a third of Tribune’s stock, began exerting greater control over Tribune’s board late last year and has noted in internal company documents that is it is gunning to acquire a larger stake as soon as January. This summer, Alden founder Randall Smith joined Tribune’s board, giving Alden cronies three out of seven board seats and “deepening” the hedge fund’s influence at Tribune, according to internal documents obtained by DFMworkers.org.

Recently, in a move taken straight from Alden’s playbook at its news chain MNG Enterprises, Tribune began shuttering offices at five papers and told employees they’ll be permanently working from home.


Blaming the victim?

Some critics jumped on reporters after the Washington Post reported on the test.

One Twitter user calling himself “Jack,” (@Jack08J) wrote that the test “sounds like a very smart idea. If you are dumb enough to click on those links maybe journalism isn’t for you.”

But these critics are missing the point – outraged employees are not questioning whether phishing tests can be useful. They are asking why Tribune would use such a message as click-bait, teasing economic relief during particularly hard times.

“This is a heartless, insulting and tone-deaf exercise,” the Chicago Tribune Guild posted. “What a profoundly cruel way to taunt journalists after you just stole three weeks of our pay to hand more cash to shareholders and hedge fund vultures.”

As the Guild’s letter to Jimenez noted on Thursday, the company first apologized in response to the Washington Post, but not to employees.

Only after the Post’s media critic Eric Wemple posted the apology on social media did Tribune finally send a message to employees from vice president of information technology Sarp Uzkan.

“The company had no intention of offending any of its employees,” Uzkan wrote. “In retrospect, the topic of the email was misleading and insensitive, and the company apologizes for its use.”

Uzkan said more employees clicked on the provided link than any test since the company began conducting phishing tests last year.


Click to enlarge


Several Tribune employees told DFMworkers.org they couldn’t recall seeing similar tests performed in the past, while others did remember some. But those tests never offered cash or bonuses, one employee said.

One staffer said the reason many workers clicked through on this one was simply to document and take a screen grab of the response, which essentially ruins the relevance of the data collected.

Employees who clicked through, no matter the reason, said they are now required to take part in “phish fail” training. The joint Guild letter to Jimenez is asking the company to forgo the training.

Stu Sjouwerman, founder and CEO of KnowB4, the firm that engineered the test, tried to distance himself from the controversy and said Tribune wrote the message, not his company.

The IT community is engaging in an ongoing debate about the ethics of such tests – and some hold that companies’ security experts, not the end users who click a link, are actually the “weakest link” in phishing scams.

“The problem lies not with the user, but with the experts,” says Ira Winkler of the tech blog DarkReading. “User actions are expected and, most importantly, enabled by security staff. The problem with the expression ‘the users are the weakest link’ is that it abdicates responsibility for stopping problems. Security professionals may believe that they did everything they could, but they’re really just giving up.”

Regardless of whether Tribune intended to taunt its workforce with the phishing email, the message drove home what employees have been saying all year: Now more than ever under Alden’s influence, it clearly just doesn’t care.

“How much contempt does @tribpub have for its employees?” the Guild representing Tribune-owned Hartford Courant employees asked on Twitter. “After cutting our pay and laughing at our bargaining proposals, the company had the gall to offer fake raises as part of a cybersecurity test.

“When you think they can’t go lower, they do.”