Fake phishing scam traced back to Army commander's test

Fake phishing scam traced back to Army commander's test
The Washington Post
By Lisa Rein and Eric Yoder
Published: March 15, 2014

An ominous e-mail message landed in the inboxes of a small group of U.S. Army employees last month, warning of a security breach in their federal retirement plans (Google cache of page) and urging them to log in and check their accounts.

The e-mail was a fake — a classic spear phishing expedition looking for unwitting victims willing to share their personal financial information.

But the perpetrator was not a criminal hacker. It was an Army combat commander, acting on his own authority to test whether anyone on his staff would fall for the trick. In the process of sussing out internal vulnerabilities, though, the commander sowed panic across the government: Employees forwarded the e-mail to thousands of friends and colleagues at the Defense Department, the FBI, Customs and Border Protection, the Labor Department and other agencies.

Even the Pentagon’s Chief Information Office, which oversees computer networks across the military, was unaware of the phony e-mail.
read more here