An internal survey in the Justice Department of Ottawa shows that almost 2,000 of their staff is likely to fall victim to a phony “phishing” link in their email.
In December, to address questions about the security of sensitive information, the Justice Department launched a security exercise by sending emails to 5,000 employees. This determined if the recipients are able to recognize cyber fraud. Scam emails are made to look like genuine official communications from government or financial institutions, but somewhere in the email is a link to a fake website, also made to look like the real thing.
156 million “phishing” emails are sent all around the world daily. Anyone conned into clicking the contained web links risks sending personal and confidential information, such as online banking password, or credit card information, to the wrong hands.
The Justice Department’s mock exercise resulted to 1,850 people clicking on the phony embedded links. Although no actual information has been leaked, a 37% clicking rate demonstrates a poor result for public servants who received the emails. This is way higher than the rate for the general population which was only 5%. Red flags were raised about public servants being duped by “phishing” scams.
However, a following wave of mock scam emails in February and April showed an improved result. The clicking rates were down by half, to which Carole Saindon says, “This is an awareness campaign designed to inform and educate employees on issues surrounding cyber security. To protect the integrity of the department’s information systems, and in turn better protect Canadians.” Saindon says that the exercises treated phishing in particular as it poses an increasing threat from cyber criminals. With the February and April results, the Justice Department tagged the mock emails as an effective and preventive campaign against cyber crime.
According to Canada’s get Cyber Safe website, about 10% of the 156 million phishing emails still slip through spam filters each day. Of that 10%, about 8 million are opened by the recipients but only 800,000 are redirected through the spam links. Everyday there are still 80,000 credit card numbers and personal information phished out of emails.
An occurrence in late 2012 demonstrates the dangers of phishing, when a lawyer working at the Human Resources and Skills Development of Justice Canada caused a major privacy breach with the loss of a USB key. It contained unencrypted confidential information about 5,045 Canadians who had appeals under disability rulings of the Canada Pension Plan. The key included their medical condition and SIN numbers. The breach is still being investigated.
The Canadian Press obtained a February briefing note on the exercise that indicated that the exercises will continue up to August and October, with the simulations “graduating in levels of sophistication.” This time, those caught by the simulation will receive tips through a pop-up window on how to avoid being victimized by malicious emails.
“Don’t get phished!” so says the website.
Are you concerned about your Internet security?
Do you have mechanisms in place to protect your business or even your law firm from phishing emails? Not sure?
We are here to help. Call our Internet Security experts at NSI right away. We will make sure your Canada law firm and/or business has the right email security services installed and configured to protect you. Call (403) 984-9001 or (780) 800-0644 or email us at firstname.lastname@example.org.
Have A Technology Question?