Phishing Exercise by the US Army Goes Wrong, but No One Clicks on the Links

US Army conducts phishing experiment

A US Army combat commander decided to run a small experiment to see how many Army employees would fall for a phishing scam. No one fell for it, but the lack of coordination with other government departments led to a scandal.

According to The Washington Post, the phishing emails were designed to look like they were coming from the Thrift Savings Plan (TSP), a small agency that provides retirement savings services for the majority of federal workers. The emails carried the subject line “Thrift Savings Plan Alert: Passcode Reset” and appeared to come from an email address.

Since no one knew about the exercise, not even TSP, those who received the phishing emails forwarded them to thousands at the Department of Defense, the FBI, and other agencies. They also flooded TSP’s call center with questions.

It goes without saying that the agency is unhappy about the entire thing, especially since it made customers worry about the safety of their accounts.

Conducting such exercises is common practice, particularly in large organizations, because it gives them a measure of how well their employees can identify phishing attempts.

However, in this case, experts and officials have pointed out that TSP should have been informed (or asked for permission) beforehand, and that the whole exercise should have been better coordinated.

On the bright side, none of the roughly 100 Army employees who received the emails clicked on the malicious links.
