DOJ Issues Hoax E-mail to Test TSP Employees’ Online Security Knowledge
The US DOJ (Department of Justice) sent hoax e-mail to federal workers. In fact, it was a mock attempt to phish off sensitive information to determine how much its own employees were aware about their online security, states a report, as reported by cnetnews on January 30, 2009.
The phishing e-mail, sent out in the 3rd week of January 2009, actually led recipients to a spoofed site that sought the DOJ employees' account details pertaining to the retirement savings scheme of the federal government.
Moreover, the phishing scam included bailout to employees if the monetary worth of their TSP (Thrift Savings Plan) had declined 30% over the past few months.
According to the TSP Board's Director of External Affairs, Tom Trabucco, the board came to know that the e-mail was not genuine on January 28, 2009, as reported by GOVERNMENTEXECUTIVE on January 30, 2009.
Besides, when the administration officers first came to know about the phishing e-mail, they tried to stop the scam. They coordinated with the Computer Emergency Readiness Team of the Homeland Security Department to track down the phishing site to which the e-mail recipients were directed. The officers subsequently got the site shutdown with the help of a TSP contractor.
However, when TSP officials came to know that the e-mail was the work of DOJ and not a cyber criminal, they withdrew the alerts from their website. But Trabucco said that his office received an e-mail from the General Services Administration on January 30, 2009 alerting the board of the e-mail saying that news about the phishing scam had spread widely, causing concern beyond the DOJ.
Meanwhile, Assistant Director for Information Systems Security, Ted Shelkey, issued a memo on January 28, 2009 saying that the TSP e-mail was false and only a test.
Shelkey noted that they had learnt that DOJ distributed the hoax e-mail to test the security awareness among its employees. Thus, the message along with the spoofed bailout website was not malevolent and that no warning message required to be distributed among colleagues and officers of the law enforcement, as reported by REALTECHNEWS on February 1, 2009.
Related article: Dixie College Suffers Data Hack
» SPAMfighter News - 16-02-2009