White House Security Adviser Duped by UK Prankster
The security of White House networks has been called into question after senior officials were duped into replying to emails from ‘colleagues’ that were actually spoofed by a UK prankster.
“Thanks, Jared. With a promise like that, I can't refuse,” he wrote back, according to CNN. “Also, if you ever need it, my personal email is” (redacted).
Scaramucci fell for another @SINON_REBORN prank, this time a Gmail account masquerading as the soon-to-be US ambassador to Russia, Jon Huntsman Jr.
Huntsman himself was tricked into replying to a fake email account pretending to be the President’s son, Eric Trump, while the latter was hoodwinked by SINON_REBORN writing as his older brother, Donald Trump Jr., before eventually realizing his mistake.
White House press secretary Sarah Huckabee Sanders told CNN: “We take all cyber-related issues very seriously and are looking into these incidents further.”
The ease with which the British prankster tricked not only senior officials but also a security adviser should be a serious cause for concern, especially given that state-sponsored spear-phishing attacks often use the same social engineering tactics.
Hiwot Mendahun, cyber resilience expert at Mimecast, argued that email was never built with security in mind.
“This prank follows a rise in similar attacks asking for wire transfers or confidential data like HR records or tax information. Spear-phishing and impersonation attacks are easy to launch with free email addresses or by registering lookalike domains. Mobile email users are particularly vulnerable,” she added.
“All organizations need to consider stamping external emails with simple warnings and conduct regular training to help employees recognize possible scams.”
Source: Information Security Magazine