Justice workers scooped up in mock phishing net

There’s a scene in the British comedy series “The IT Crowd” in which the two protagonists, Roy and Moss, tell their techno-illiterate boss, Jen, that a shoebox-sized device they’re handing her is the Internet.

They want her to play show-and-tell in a speech she’s giving to company staff.

Normally, they tell her, the Internet is stored at Big Ben, but the “lords of the Internet” graciously offered it on loan when they heard about Jen’s speech.

“But why are there no wires?” Jen asks. “Because the Internet is wireless,” Moss explains.

The pair think they’ve pulled off the ultimate prank, until it comes time for Jen’s speech. When she presents the box and says what it is, no one even bats an eye. They’re all just as gullible as she is.

I thought of that episode this week when I heard that almost 2,000 bureaucrats working with Justice Canada fell for a common Internet scam called “phishing.”

Essentially, the scam works like this: you get what looks like a legitimate email from a bank or government department asking you to click on a link. If you do, you risk making sensitive information available to the fraudsters running the scam.

According to documents obtained by the Canadian Press, the Justice Department launched the mock phishing expedition in December to test employees’ ability to recognize cyber fraud. Out of 5,000 staff targeted, 1,850 people fell for it hook, line and sinker, clicking on the embedded link.

This is the department, don’t forget, that deals with, among other things, cyber fraud.

And keep in mind that like any other employees who work with computers, Justice staff are subjected to online security campaigns and receive regular warnings about scams and viruses.

Now, here’s a truly alarming thing.

The 1,850 “victims” represent about 37 per cent of those who received the email.

But worldwide, the average rate of people falling for the scam is about five per cent. In other words, more than seven times as many Justice employees fell for this relatively common swindle.

Did I mention this is the department that deals with cybercrime? And did I also mention that about half of those employees are lawyers?

This could be a major problem.

Justice Canada was embroiled in a privacy breach in 2012 when one of its lawyers working at Human Resources and Skills Development Canada was pegged in the loss of a USB key.

“The key contained unencrypted confidential information about 5,045 Canadians who had appealed disability rulings under the Canada Pension Plan,” wrote CP’s Dean Beeby, “including their medical condition and (social insurance) numbers.”

What’s even scarier is the thought that if one in three Justice workers are that naïve about Internet security, imagine what the percentage might be for other departments — like Health and Finance?

In this province, for example, we’ve become increasingly accustomed to breaches of privacy in the health-care system.

It’s not so much that more employees are snooping in our medical files, but that modern computer software more readily detects it.

It’s likely those who breach privacy are technologically challenged enough not to realize they’re being monitored. But are the more honest staff any better equipped to deal with possible breaches?

The Ottawa experience suggests an alarming degree of ignorance. And that suggests to me that more of these mock scams are needed.

Let’s get a clearer picture of exactly how ill-equipped government workers are when it comes to computer security.

And then let’s make sure we fix it.

Peter Jackson is The Telegram’s commentary editor.

Email pjackson@thetelegram.com.

He also hosts a daily live forum, Naked Lunch, 12:30 p.m. at thetelegram.com.
