Phishing Scam Ensnares Almost 2,000 Justice Department Staff

Phishing Scam Ensnares Almost 2,000 Justice Department Staff OTTAWA - Many of the Justice Department's finest legal minds are falling prey to a garden-variety Internet scam. An internal survey shows almost 2,000 staff were conned into clicking on a phoney "phishing" link in their email, raising quest ions about the security of sensitive information. a security exercise, sending emails to 5,000 The department launched the mock scam in Decem ber employees to test their ability to recognize cyber fraud. The emails Iooked like genuine communications from government or financial institutions, and contained a link to a fake website that was alsD made to look like the real thing. Across the globe, an estimated 156 million of these so-called "phishing" emails are sent daily, and anyone duped into clicking on the embedded web link risks transferring confidential informat ion – such as online banking passwords – to criminals. The Justice Department's mock exercise caught 1,850 people clicking on the phoney embedded links, or 37 per cent of everyone who received the emails. That's a much higher rate than for the general population, which a federal website says is only about five per cent. The exercise did not put any confidential information at risk, but the poor results raise red flags about public servants being caught by actual phishing emails. A spokeswoman says "no priivacy breaches have been reported" from any real phishing scams at Just ice Canada. Carole Saindon also said that two more waves of mock emails in February and April show improved results, with clicking rates falling by half. "This is an awareness campaign designed to inform and educate employees on issues surrounding cyber security to protect the integrity of the department's information systems and in turn better protect Canadians," she said in an email. "In this case, this exercise specifically dealt with the threat from phishing which is increasingly being used as an attack vehicle of choice by oyber criminals." "As this project progresses, we are pleased that the effectiveness of this campaign is showing significant improvement." A February briefing note on the exercise was obtained by The Canadian Press under the Access to Informat ion Act. The dapunMent indicates there are mare such ercises planned - in June, August and Octaber - and that the simulatians will be "raduating in levels af saphistiatian! Thase aught bythe simulatian are natitied by a pap-up windaw, giving them tips an spatting maliciaus messages. The federal gavemment's Get EyberSafe website says abaut 10 per cent af the 156 millian phishing Emails glabally make it thraugh spam filters each day. Of thase, same eight millian are adually apEned by the recipient, but anly 94,000 dick an the links - arabaut five per cent af thasEwha reived theemails. Abaut 10 per ont af thase apening the link are faaled inta praviding canfidential infarmatian - which represents a waldwide haul af 0,000 oedit-card numbers, bank acOunts, passwards and ather canfidential infarmatian every day. "Dan't get phished!" saysthe federal website, "Phishing emails aten laak like real emailstram atrusted saure such asyaur bank ar an anline retailer, right dawn ta lagas and graphics." The site says mare than ane millian Canadians have entered persanal banking details an a site they dan't knawu based an surveys. In late 2012, Justice Canada was embrailed in amajar privay breach when ane af its lauryers warking at Human Resaurces and Skills Ovelapment Canadawasinvaved in the lassaf a US8 key. The key antained unencrypted canfidential infamatian abaut 5,045 Canadians wha had appealed disability rulings underthe anada Pensian Plan, including their medical canditian and SIN numbers. The privacy commissianer is still investigatingthe breach.