2 min read

Justice Canada workers fail email security test

Security

Sometime in December last year, the Department of Justice Canada launched a security exercise that involved sending emails with a fake phishing link to some 5,000 employees.

The practice was meant to test the workers’ ability to recognize potential cyber fraud.

The emails were made to appear like authentic communications from government of financial institutions and they contained a link to a bogus Web site. As many as 1,850 or 35 per cent of the department’s employees fell for the ruse and clicked on the bogus email scam, according to a report by the Canadian Press appearing in the CBC Web site.

That rate is much higher than for the general population, which is only about five per cent. Employees that fell for the emails were notified by a pop-up window that provided some tips on identifying malicious emails.

Results of the test came to light as government agencies and departments continue to be at the centre of numerous data breach news.

For example, in March this year a report from the Privacy Commissioner’s Office revealed that from April 1, 2013 to January 29, 2014, federal departments and agencies reported no less than 3,763 data breaches, including incidents where taxpayer information was lost, compromised or mistakenly released.

Before that in 2012, Justice Canada was in the spotlight when one of its lawyers lost a USB key containing the unencrypted confidential information — including social insurance numbers — of 5,045 Canadians who appealed disability rulings under the Canada pension Plan.

CP obtained a briefing note on the exercise through the Access to Information Act. CP said that with subsequent mock email tests sent out in February and April this year, the number of those who clicked on the emails fell by half. Similar exercises are planned in June, August and October with simulations increasing in their level of sophistication.

A spokesperson for the department told CP that the justice department is “pleased” at the effectiveness of the campaign and that it is “showing improvement.”

There are no less than 156 million phishing emails released by cyber criminals each day, according to the government site GetCeyberSafe.ca. Of that number, eight million are opened and 800,000 links are clicked.

About 80,000 people fall for online scams every day and share their personal information with scammers.

4 Comments

  1. Is this in fact an article written about an article? Why don’t you do some research on the obvious gaps in the original article?
    You can’t claim that all Phishing attacks are equal then make assumptions based on the results.

  2. This article even quotes a grammatical error from the original article proving that this author has no clue – “government of financial institutions”??
    Government OR financial institutions….lol!!

  3. “There are no less than 156 million phishing emails released by cyber criminals each day,…”

    Why is there STILL only one internet ? Why havn’t we broken it up into little country sized pieces long ago, and let people decide yes I have relatives in Hong Kong so I’ll accept connections from there, but not the philipines or russia or the middle east etc etc etc , on a person by person basis ?

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment