Slashdot Mirror
US Army "Scams" Service Members to Test Their Spam Gullibility
9gezegen writes "An offer for free tickets to theme parks for service members turned out to be an email scam, a ploy that was in actuality a security exercise run by the Army. Involved servicemen and DoD civilians received an email, allegedly coming from the 'Army Family and Morale, Welfare and Recreation Command Office,' and directed them to a phishing site which asked for personal information. After rebuttal and warning by Army MWR, the website revealed that it was a security exercise after all. Army MWR later verified the exercise and announced they were not informed beforehand."
The MWR people are all crying because no one told them that it was a test...Apparently, in their minds, there is no need to test an army organizations response to someone falsifying announcements in their name.
Sounds like the test went off swimmingly. I can't count the number of times I've thought about doing the same sort of thing to people I work with. A few good solid scares will tighten up their security policy.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
More companies should do this. Hell, banks should do this to their customers.
One would think the military would have an easier time than most. You and I cannot register .mil addresses. Shouldn't the people have been looking out for http://mwr.army-support.mil/ instead of http://mwr.army-support.com/ (the link in the email?) Or does the army use .com addresses for some things, cause that seems silly. One would think they could tweak the source in firefox to change the address bar a different color for .mil addresses or something..
What are we going to do tonight Brain?
Either way that's not cool at all. Just think if your company set this up on you, what would your reactions be?
If my company trusted my co-workers with information that could get me killed, I'd want them to test susceptibility to social engineering. If I do a bad job, my company loses money. When people in the military do a bad job, people can die (OK, when they do a good job people still die - but they're other people, those trying to kill them). They need to worry more about security.
-- Support a free market in the field of government
who are these people making that suggestion?
I'm not pretending the army is full of Einsteins, but they all graduated high school or earned a GED (vast vast majority graduated high school), and all of them are required to learn math skills involving chemical attack detection, navigation, operating a frequency hopping radio, etc.
Compare that to kids in the average US city, where 50% do not graduate high school.
The Army is certainly a lot smarter than the general population. They may be more willing to rely on titles (like MWR)... I don't know about that, but I'd like to know who is buying the Carter era propaganda that the army is a bunch of idiots.
I didn't get the e-mail myself(or maybe I did, I'm on leave so I have not checked it in weeks), but this is an example of the kind of tests that the Army should do. Not telling MWR, good idea. It not only gives them an opportunity to see the response of troops, but an opportunity to see the response of MWR to this kind of threat.
//SPC Wood, Active Duty
What I think the Army will find most surprising(or not!) is the apparent lack of use of the AKO Webmail system, it sucks, hard.