DNC tech chief tests staff with simulated phishing attack
The Democratic National Committee's chief technology officer is launching a series of simulated phishing attacks on the party's staff.
Raffi Krikorian, who joined the party as its top tech official in June, told Wired in an interview that he is quietly planning a series of simulated phishing attacks to test the DNC staffers' preparedness if they face another attempted breach.
Phishing refers to the practice by which cyberattackers seek to solicit personal information via email by posing as a reputable source.
The simulated attack is among several steps being taken by Krikorian to tighten the DNC's cybersecurity to avoid a repeat of the massive breach last year that led to the release of thousands of emails on the anti-secrecy website WikiLeaks.
http://thehill.com/policy/cybersecurity/349599-dnc-tech-chief-tests-staff-with-simulated-phishing-attack
THE DNC'S TECHNOLOGY CHIEF IS PHISHING HIS STAFF. GOOD.
IF YOU ARE among the millions of Americans concerned about cybersecurity at the Democratic National Committee - and how could you not be? - then the home of the party's tech braintrust might not give you much hope. The tiny, charmless office, with "DNC Tech" scribbled in dry-erase marker on the door, contains one desk and two computer monitors. Nearby, an overturned couch pokes out from an elevator shaft, a leftover from the widespread departures that followed Hillary Clinton's defeat. And that, of course, came after intruders, believed to be tied to Russia, hacked into the DNC's computers.
If the office itself seems lacking, the resume of its newish occupant is anything but. Raffi Krikorian, the Massachusetts Institute of Technology grad who joined the DNC as chief technology officer this summer, most recently led Uber's Advanced Technologies Center, meaning he was responsible for getting Uber's self-driving cars on the road in Pittsburgh. Before that, he rose through the ranks at Twitter to vice president of engineering, where he managed the infrastructure that runs the platform.
Following six years of CTOs steeped in political campaigns, Krikorian brings a uniquely hardcore technical pedigree. That may serve both him, and the party, well. Preventing history from repeating itself requires embedding Silicon Valley technological chops in a nearly 200-year-old political non-profit. Already, Krikorian has recruited engineers from Uber, Twitter, and Pinterest to join his team of 20 and counting. Together, they're devising ways both to use technology to engage a broader swath of the electorate, and also ensure that technology doesn't create new vulnerabilities.
https://www.wired.com/story/the-dncs-technology-chief-is-phishing-his-staff-good/?mbid=social_twitter_onsiteshare
There's a good interview with Krikorian in the Wired article.
phylny
(8,367 posts)
My husband's company does this regularly - and on one or two occasions, he fell for it. It's a constant learning experience on how to be vigilant.
SharonClark
(10,014 posts)
I've been caught once and it goes against my boss' evaluation.
HipChick
(25,485 posts)
to pay back taxes for over $50K....I nearly fell for it..very good PHISHING ..the only thing that was off was a bar code...
I also called the IRS, the rep paused and said..."Ma'am, we never contact taxpayers by email, and if you owed that much, we would have just come and got you already"....I think the rep was joking, but getting any IRS communication makes you hold your breath.
octoberlib
(14,971 posts)
not understanding why she owed back taxes. Thank god she didn't give them her bank account information. This is a particularly cruel scam and I'm glad they didn't try to contact her through email because they probably would have been successful. I've had to educate her what to look for.
cloudbase
(5,511 posts)
advance notice of the test. They'll pass the test. See? No more problems.
Ezior
(505 posts)
And I guess they are going to perform these tests on a regular basis.
So it's nice to let employees know beforehand, maybe demand everyone does (another round of) cybersecurity training before tests start so everyone feels prepared for the drill. They will learn a lot better when they know for certain that they WILL need the skills and someone WILL notice if they screw up.
woodsprite
(11,902 posts)
that get pulled at various times to receive the phishing email. And truthfully, there is so much spam and phishing going on, unless you're a really trusting soul or diagnose every questionable email with a fine tooth comb, it's hard to catch the ones they send out.
When we catch a phish, we're supposed to go to a certain URL, report it, turn full headers on and paste it into the comments box. If it's one they sent out, you get a "Congratulations!" message. If not, they've collected another legit phishing attempt and send out notifications to the campus.