US Air Force Gets Caught Up In Its Own Phishing Test

by Erin on April 30th, 2010 in Industry and Security News.

We all know that phishing ploys are a serious online problem (just look at the latest stats from the Anti-Phishing Working Group for details). Businesses and organizations often have the most to lose from security incidents, so it’s no wonder that they take precautions to reduce the risk of these costly attacks – and even run tests to check how susceptible workers are to targeted Internet scams and fraud.

These types of in-house phishing exercises are routine practice for some major corporations and even the military, designed to promote security awareness and assess training efforts. One such test – called an operational readiness exercise (ORE) – that was recently run by a US Air Force base, however, seems to have worked a bit too well. According to news reports, security testers at the 36th Communications Squadron at Andersen Air Force Base in Guam were forced to send out a clarification notice when personnel not only fell for the phishing e-mail, disclosing sensitive information when prompted, but also began forwarding information from the internal message outside of the base. The bait used to reel in the airman: the message claimed that filming of the movie Transformers 3 was set to take place on Guam, and invited interested personnel to be cast in the shoot by visiting a website and submitting an application with their personal data.

Take a closer look at what happened in Computer World’s article, “US Air Force phishing test transforms into a problem”.