OTTAWA – Many of the Justice Department’s finest
legal minds are falling prey to a garden-variety Internet scam.
An internal survey shows almost 2,000 staff were
conned into clicking on a phoney “phishing” link in their email, raising
questions about the security of sensitive information.
The department launched the mock scam in
December as a security exercise, sending emails to 5,000 employees to test
their ability to recognize cyber fraud.
The emails looked like genuine communications
from government or financial institutions, and contained a link to a fake
website that was also made to look like the real thing.
Across the globe, an estimated 156 million of
these so-called “phishing” emails are sent daily, and anyone duped into
clicking on the embedded web link risks transferring confidential information –
such as online banking passwords – to criminals.
The Justice Department’s mock exercise caught
1,850 people clicking on the phoney embedded links, or 37 per cent of everyone
who received the emails.
That’s a much higher rate than for the general
population, which a federal website says is only about five per cent.
The exercise did not put any confidential
information at risk, but the poor results raise red flags about public servants
being caught by actual phishing emails.
A spokeswoman says “no privacy breaches have
been reported” from any real phishing scams at Justice Canada.
Carole Saindon also said that two more waves of
mock emails in February and April show improved results, with clicking rates
falling by half.
“This is an awareness campaign designed to
inform and educate employees on issues surrounding cyber security to protect
the integrity of the department’s information systems and in turn better
protect Canadians,” she said in an email.
“As this project progresses, we are pleased that
the effectiveness of this campaign is showing significant improvement.”
A February briefing note on the exercise was
obtained by The Canadian Press under the Access to Information Act.
The document indicates there are more such
exercises planned – in June, August and October – and that the simulations will
be “graduating in levels of sophistication.”
Those caught by the simulation are notified by a
pop-up window, giving them tips on spotting malicious messages.
The federal government’s Get Cyber Safe website
says about 10 per cent of the 156 million phishing emails globally make it
through spam filters each day.
Of those, some eight million are actually opened
by the recipient, but only 800,000 click on the links – or about five per cent
of those who received the emails.
About 10 per cent of those opening the link are
fooled into providing confidential information – which represents a worldwide
haul of 80,000 credit-card numbers, bank accounts, passwords and other
confidential information every day.
“Don’t get phished!,” says the federal website,
“Phishing emails often look like real emails from a trusted source such as your
bank or an online retailer, right down to logos and graphics.”
The site says more than one million Canadians
have entered personal banking details on a site they don’t know, based on
surveys.
In late 2012, Justice Canada was embroiled in a
major privacy breach when one of its lawyers working at Human Resources and
Skills Development Canada was involved in the loss of a USB key.
The key contained unencrypted confidential
information about 5,045 Canadians who had appealed disability rulings under the
Canada Pension Plan, including their medical condition and SIN numbers. The
privacy commissioner is still investigating the breach.
The department has some 5,000 employees, about
half of them lawyers.
Visit our facebook
page and follow us on twitter @Abney_and_Assoc.
0 comments:
Post a Comment