Perth and Kinross Council Phish own Staff

Perth and Kinross Council admits to sending phishing emails to own staff as part of its risk assessment.

12:40 17 April 2018

Perth and Kinross Council has admitted that it has been “phishing” its own staff to determine their level of awareness on cyber crime. It started deliberately sending out bogus e-mails to employees to see if they will be tricked to open the emails and put the entire network at risk of hacking.

 

The council’s information security officer Paul Dick said: “The council is not considered to be a high profile target. Attacks against the council are generally indiscriminate, but the sophistication of these attacks is increasing rapidly.

 

“The council has invested in new technology in an attempt to block more of these attacks from entering the network. No technological measure is 100% effective and ultimately we must depend on our staff being vigilant to those malicious messages which make it through our defences.”

 

He said: “The council has purchased a product to carry out simulated phishing attacks against our employees. These simulations allow employees to be exposed to superficially malicious e-mails and providing an element of awareness education to those who fall for the ruse without any danger to the network.”