It's no secret that the White House has been in a state of disarray for the past six months. News articles have rolled out like clockwork, giving the public a sneak peek into the administration's difficulties stopping leaks, cooperating with political allies and stymieing accusations of Russian collusion.
However, more than a few of disparaging articles have focused on White House cybersecurity. Examples include former press secretary Sean Spicer possibly revealing his password over Twitter and Gizmodo's phony Google Drive phishing scam. This time it appears several White House officials have fallen for a U.K.-based email prank.
Below we will examine the prank, the risk bogus emails pose to organizations of all sizes and what you can do to protect your business from similar hiccups. For all the latest analysis on cybersecurity news, check out CyberPolicy.
Original Prankster
The email started off pretty innocently: "Tom, we are arranging a bit of a soiree towards the end of August. It would be great if you could make it, I promise food of at least comparable [sic] quality to that which we ate in Iraq. Should be a great evening."
Homeland Security Adviser Tom Bossert replied to the email he believed to have been sent by Jared Kushner. "Thanks, Jared. With a promise like that, I can't refuse. Also, if you ever need it, my personal email is [redacted]."
But in reality, the sender wasn't Kushner but instead an email prankster who sent the results of his test to CNN. "I try and keep it on the humorous side of things," the email prankster told CNN. "I'm not trying to get the keys to the vault or anything like that."
This slip up is rather embarrassing, especially for the man in charge of cybersecurity. Or it would be if he was the only victim. Others included ex-White House Communications Director Anthony Scaramucci, ex-White House Chief of Staff Reince Priebus, Ambassador to Russia-designate Jon Huntsman Jr., Donald Trump Jr. and Eric Trump.
However, Eric Trump was the first person to catch on to the scam replying: "I have sent this to law enforcement who will handle from here."
The prankster and self-described "lazy anarchist" @SINON_REBORN says he never heard from law enforcement. He is also known for similar scams to Goldman Sachs and Citigroup.
But then again, this kind of thing isn't uncommon. Business leaders and employees fall for social engineering and spear phishing scams all the time. That's why it is still a favorite attack for hackers everywhere.
If you want to avoid falling for a similar scam follow these tips:
-Train your employees to identify suspicious communications.
-Avoid opening unfamiliar emails, attachments, links and downloads.
-Keep software and antivirus programs up to date.
-Follow up with contacts in person or over the phone if you aren't sure about the legitimacy of a communication.
And finally, invest in a robust cyber insurance policy. While this email scam was little more than a prank or a publicity stunt, it could have been much worse. Do the smart thing and protect yourself from hackers and data breach today by visiting CyberPolicy!
