Simple phishing test tried out on the Trump team

The gadget blog Gizmodo tested the extent to which senior politicians and officials around President Donald Trump are prepared for phishing attacks. The authors sent them an e-mail invitation to edit a Google sheet. Not surprisingly, a relatively large number of clicks came within about ten minutes.


These clicks should not have been made by anyone with even minimal security awareness. Only last week, such an attack, which made use of the OAuth login service, had made headlines. Those e-mails told the targeted users that a sender known to them had shared a Google Docs text document with them. The Gizmodo test was also designed so that it could not actually withstand a critical look for long. The brief text ended with: “This page was created by Gizmodo Media Group to test your expertise with regard to digital security.”

The URL of the fake login page was also not a Google domain and, moreover, contained the word “test”. Anyone who clicked the sign-in button anyway received a warning informing the click-happy recipient that he was the subject of an investigation into digital security practices and that a reporter would soon try to contact him.

“Some in the Trump government ignored our e-mail completely, which was the right thing to do,” the publication reported. “But more than half of the recipients apparently clicked the link: eight different units visited the page, one of them several times. It cannot be determined whether the recipient himself (as opposed to an IT specialist to whom the e-mail was forwarded) made all these clicks, but seven connections were made within about 10 minutes of the e-mails being sent.”

The sender address was spoofed to be that of someone the recipient knew. The reply-to address, however, remained intact and was [email protected]. Two recipients, the FBI chief James Comey, fired by Trump, and the Republican politician Newt Gingrich, were at least skeptical and asked what was going on and whether they really should open it.

Gizmodo did not check whether the recipients had actually entered their login information. “But those who clicked on the link all took a risk,” the Gizmodo authors argue. In the worst case, a click could have led to the installation of malware in the browser. It would also have revealed the geographic location, the browser used, the operating system of the device and more, and thus given potential attackers starting points for further hacking attempts.

The blog justified the test by noting, among other things, that politicians are constantly exposed to such attacks and that Trump himself had accused his campaign opponent Hillary Clinton of negligent handling of e-mails. Some security experts, however, also criticized the journalists' conduct. Steve Ragan of CSO, for instance, objected that the test was carried out without permission and had shown only something already known: “People always click: what is new about that?”

In fact, the Canadian tax authority CRA had recently found in an internal security exercise that thousands of its employees fell for dubious phishing e-mails. The election campaign of French President-elect Emmanuel Macron assumed, given signs of increasingly aggressive Russian cyber espionage, that it was not invulnerable. Before the election, Macron's security specialists also did not have enough time to identify the attackers. They therefore looked for new ways to at least make life harder for them. In turn, they set up fake e-mail accounts as traps and filled them with a large number of bogus documents.

“We went on the counterattack,” the New York Times quotes Macron's digital officer Mounir M. “We could not guarantee one hundred percent protection against the attacks, so we asked ourselves: what can we do?” The answer was a strategy of “cyber concealment”, such as banks and large companies sometimes employ. “We created false accounts with false content as a trap. We made that very solid to force them to verify, to determine whether it is a real account. I don't think that we prevented it. We only slowed them down.”
