An email prankster has fooled a number of White House officials into thinking he was other officials. The prankster even convinced the White House Official tasked with cyber security that he was Jared Kushner and received that official’s private email address unsolicited. Tim Erlin, VP at Tripwire commented below.
Tim Erlin, VP at Tripwire:
“While these particular incidents were undertaken to be funny, the implications of how easily the individuals involved were entrapped should be clear. The difference between this prankster and a serious criminal is only in the disclosure of the results. A serious criminal wouldn’t have shared the outcome with the press. Email spearphishing is a big challenge for cybersecurity, and shouldn’t be taken lightly.
“We’ve traditionally placed a higher level of scrutiny on communications with government officials because of the potential for disclosure. These ‘pranks’ demonstrate why that scrutiny is required.
“A sophisticated criminal with a target in mind could use email as a channel to develop a more complete relationship and ultimately compromise much more sensitive information.”
“With this incident in the press, the White House should take a close look at email security and training their staff to recognize spearphishing attempts.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.