Sean Myers | February 04, 2016

Security firm dangles a phishing line in House Waters

House staffers who opened their inboxes Thursday morning found a fake news item that implied it was from LegiStorm - and House officials were behind the ruse.

The House's Cyber Enhancement Initiative conducted a phishing expedition to see if staff members would open potentially dangerous emails.

The email appeared to be one of LegiStorm's "Caught Our Eye" articles and claimed that 419 congressional staffers had been found on the delinquent taxpayer list. There were several signs that the email was fake: the incorrect title of "Caught Your Eye" instead of "Caught Our Eye," the early publishing time and the sender "LegiStrom."

Staffers who clicked on the story were directed to a page with the heading "You've been phished" and told that the exercise was meant to improve staffers' "ability to identify and properly handle phishing emails."

The source of the phishing trip was Wombat Security Technologies, a Pittsburgh-based firm that states it delivers "software-based cyber security awareness and training solutions that help your employees understand the risks associated with poor cyber hygiene and subsequently change their behaviors to strengthen your organization's security posture." It said the exercise was sanctioned by the House's Cyber Enhancement Initiative and the House Office of Inspector General, led by David Cole and Keith Sullenberger.

Read the article on Legistorm