Sometime in December last year, the Department of Justice Canada launched a security exercise that involved sending emails with a fake phishing link to some 5,000 employees.
The practice was meant to test the workers’ ability to recognize potential cyber fraud.
The emails were made to appear like authentic communications from government or financial institutions, and they contained a link to a bogus Web site. As many as 1,850 or 35 per cent of the department’s employees fell for the ruse and clicked on the link in the bogus email, according to a report by the Canadian Press appearing on the CBC Web site.
That rate is much higher than the rate for the general population, which is only about five per cent. Employees who fell for the emails were notified by a pop-up window that provided some tips on identifying malicious emails.
Results of the test came to light as government agencies and departments continue to be at the centre of data breach news.
For example, in March this year a report from the Privacy Commissioner’s Office revealed that from April 1, 2013 to January 29, 2014, federal departments and agencies reported no fewer than 3,763 data breaches, including incidents where taxpayer information was lost, compromised or mistakenly released.
Before that, in 2012, Justice Canada was in the spotlight when one of its lawyers lost a USB key containing unencrypted confidential information, including social insurance numbers, of 5,045 Canadians who appealed disability rulings under the Canada Pension Plan.
CP obtained a briefing note on the exercise through the Access to Information Act. CP said that with subsequent mock email tests sent out in February and April this year, the number of those who clicked on the emails fell by half. Similar exercises are planned in June, August and October with simulations increasing in their level of sophistication.
A spokesperson for the department told CP that the justice department is “pleased” with the effectiveness of the campaign and that it is “showing improvement.”
No fewer than 156 million phishing emails are released by cyber criminals each day, according to the government site GetCyberSafe.ca. Of that number, eight million are opened and 800,000 links are clicked.
About 80,000 people fall for online scams every day and share their personal information with scammers.