Remember meForgot password?
    Log in with Twitter

article imageJustice Canada employees fall for fake email scam

By Arthur Weinreb     Jun 23, 2014 in Internet
Ottawa - After mock emails were sent to employees at the Department of Justice, it was determined more than one third of them clicked onto phony links in the email leading to concerns about the security of the department's sensitive information.
In December, the Department of Justice held a mock exercise. Phony emails were sent to all employees at Justice that were typical phishing emails. The emails appeared to come from a legitimate government department or financial institution. The emails asked the recipient to click on a link. The link directed the recipient to a phony website that looked like the real thing and requested the person to provide personal information.
The results of the mock email exercise were obtained by the Canadian Press. Out of the 5,000 employees of Justice Canada, 1,850 or 37 percent of the department's workforce fell for the phishing scam and clicked on the link. When they did, a pop-up appeared warning them of phishing emails and telling them how to avoid the scam.
The 37 percent of employees far exceeded the 5 percent of the general population who fall for these phony emails and click on the link.
Phishing scams are those where an email is sent that appears to be sent from a legitimate company. Cyber criminals trick people into clicking on a link that seems to be the website of the company. The person is then asked to provide personal information such as banking information or usernames and passwords. Often the recipient is warned that one of their accounts will be closed if they do not reply. Once the link is clicked on and the information provided, the criminals obtain the recipient's personal information.
According to the government's Cyber Safe site, about 156 million phishing emails are sent out each day and approximately 10 percent of these get through spam filters. Many of those people who click on the provided links end up providing personal information to the criminals.
According to Carole Saindon, a spokeswoman with the Department of Justice, there have been no security breaches in the department from real phishing emails. She said: This is an awareness campaign designed to inform and educate employees on issues surrounding cyber security to protect the integrity of the department's information systems and in turn better protect Canadians.
In this case, the exercise specifically dealt with the threat from phishing which is increasingly being used as an attack vehicle of choice by cyber criminals.
As this project progresses, we are pleased that the effectiveness of this campaign is showing significant improvement.
Justice sent other batches of emails to employees in February and April and the click rate dropped by half, still well above the number of times it occurs in the general population. More emails are scheduled to be sent out in June, August and October.
Of the estimated 5,000 employees in the Department of Justice, about half of them are lawyers.
More about canadian department of justice, Phishing, email scams, Cyber crime
More news from