US Justice Department Sends Hoax Email To Workers
February 2, 2009 – 2:49 pm
This is how you really find out who obeys the security policies put in place in a given organization.
Workers at the US Justice Department never expected to receive a hoax email, but that is exactly what they got: a message that phished for sensitive information. Later reports verified that these messages were sent out to test the department’s security awareness. Have you ever heard of such measures being taken to test a department’s security awareness?
In our opinion, this was a good test. Not only does it weed out the weakest links within an organization, it also reveals the effectiveness of the security policies and measures put in place at a given company or facility. The Justice Department's hoax email strategy is just one method for testing others' ability or inability to practice security measures effectively.
The hoax email sent out in this situation led users to phishing sites where employees were asked to fill in personal information. The email was confirmed as a security test, which the DOJ has been doing for about three years now. As explained by Gina Talamona, Justice Department spokeswoman, “Scenarios are intended to represent an example of persistent cyberthreats facing today’s Internet users.”
The results of the test are not available for discussion, as we would expect from a US Government department.
Is this a good way to test the security of a particular office or department? Should other companies use the same strategy to put their employees to the test when it comes to company security? What if they fail the test? Should they be fired or reprimanded?

