[ISN] Air Force phishing test becomes a problem

From: InfoSec News <alerts_at_private>
Date: Mon, 3 May 2010 00:20:31 -0500 (CDT)

By Robert McMillan
IDG News Service
April 29, 2010

Sorry Airman Supershaggy, "Transformers 3" is not coming to Andersen Air 
Force Base. And by the way, you've been phished.

Security testers at the Guam Air Force base's 36th Communications 
Squadron had to send out a clarification notice on Monday after an 
in-house test -- called an operational readiness exercise (ORE) in Air 
Force parlance -- of how airmen would respond to a phishing e-mail 
worked out a little too well.

The e-mail said that crews were going to start filming "Transformers 3" 
on Guam and invited airmen to fill out applications on a Web site if 
they wanted to work the shoot. The Web site then asked them for 
sensitive information.

This type of in-house phishing exercise is a routine occurrence in the 
military and in major corporations, and is generally seen as a good way 
of promoting security awareness. But in Andersen's case, the information 
in the phishing e-mail started leaking to the civilian world.

"Unfortunately, many of Andersen's personnel responded to this inject 
and submitted their personal information to the Web site, and forwarded 
the information outside of Andersen," the Air Force base said in a 


Best Selling Security Books and More!
Shop InfoSec News
Received on Sun May 02 2010 - 22:20:31 PDT

This archive was generated by hypermail 2.2.0 : Sun May 02 2010 - 22:30:24 PDT