Military, agencies to phish their workers
- By Wade-Hahn Chan
- Dec 19, 2006
The military and agencies such as the Homeland Security and Veterans Affairs Departments can now launch phishing attacks against their own workers.
Phishing is a technique where users are tricked or coerced into giving up personal information, revealing login names and passwords or visiting malware or virus-infected web sites. The attacks will be designed to test how well educated federal workers are about their agency's email security policies.
The attacks will be done with Core Security Technologies' CORE IMPACT penetration testing software. The software will send emails to and keep track of how many employees click on the 'malicious' links. This allows agencies to keep track of worker email use habits and gage the effectiveness of their IT security education program.
'Businesses are recognizing the severity of client-side attacks and are demanding solutions that help them more accurately evaluate their potential exposure,' said Paul Paget, CEO of Core Security, in a statement released today.
Agencies and companies can use the software to also engage in spear phishing, or highly targeted phishing attacks that contain information legitimate to the organization getting attacked.
Phishing attacks have become the favored method for attackers. According to the US-CERT's quarterly trends and analysis report, phishing accounts for nearly 84 percent of all attacks reported to the computer security agency.
Other agencies that will employ Core Security's software include the Departments of Labor, Energy and Agriculture as well as National Institute of Standards and Technology, the United States Agency for International Development, the U.S. Courts and the Postal Service.