Quotulatiousness

June 23, 2014

Justice Department staff fall for phishing scam simulation

Filed under: Cancon, Government, Technology — Nicholas @ 06:36

This doesn’t speak well of the federal government’s staff security training:

Many of the Justice Department’s finest legal minds are falling prey to a garden-variety Internet scam.

An internal survey shows almost 2,000 staff were conned into clicking on a phoney “phishing” link in their email, raising questions about the security of sensitive information.

The department launched the mock scam in December as a security exercise, sending emails to 5,000 employees to test their ability to recognize cyber fraud.

The emails looked like genuine communications from government or financial institutions, and contained a link to a fake website that was also made to look like the real thing.

What’s even more interesting is that the government bureaucrats fell for this scam at a far higher rate than average Canadian internet users:

The Justice Department’s mock exercise caught 1,850 people clicking on the phoney embedded links, or 37 per cent of everyone who received the emails.

That’s a much higher rate than for the general population, which a federal website says is only about five per cent.

The exercise did not put any confidential information at risk, but the poor results raise red flags about public servants being caught by actual phishing emails.

A spokeswoman says “no privacy breaches have been reported” from any real phishing scams at Justice Canada.

Carole Saindon also said that two more waves of mock emails in February and April show improved results, with clicking rates falling by half.

So in an earlier test, our public servants were clicking on phishing links well over 50% of the time? Yikes.
