Email Prankster Fools White House Officials: How To Prevent Phishing Attacks

At a time when the Congress is trying hard to ensure action against Russia for the alleged meddling in the presidential election, an email prankster in the United Kingdom has again shown how vulnerable the White House is to spear phishing. A phishing campaign linked to Russia targeted former Secretary of State Hillary Clinton and Democratic Network Committee (DNC) during the presidential election campaign last year, which eventually led to her defeat, according to many political observers.

A CNN report published Tuesday revealed how a hacker duped several White House officials, including a senior official tasked with cyber security, Thomas Bossert. Bossert received a candid email from the hacker who masqueraded as President Donald Trump’s son-in-law Jared Kushner, and he even responded to the email.

Read: Cyberattacks Increase As Companies Lack Malware, Hacking Security: Report

The White House is undergoing a massive shake up and the hacker, apparently amused by the situation, used a mail.com account to email former White House Communications Director Anthony Scaramucci’s official and wrote an email posing as former Chief of Staff Reince Priebus. Referring to how John F. Kelly replaced Priebus, the prankster said, “General Kelly will do a fine job. I'll even admit he will do a better job than me. But the way in which that transition has come about has been diabolical. And hurtful. I don't expect a reply. ”

To this, Scaramucci responded, “You know what you did. We all do. Even today, But rest assured we were prepared. A Man would apologize." The prankster who tweets under the name of @Sinon_Reborn posted the screenshots of the conversation on Twitter.

Responding to the phishing incident, White House Press Secretary Sarah Huckabee Sanders told CNN: “We take all cyber related issues very seriously and are looking into the incidents further.”

Read: A Cyber Attack By An Enemy Nation Could Cause Mass Casualties In US, Says New Documentary

While in this particular incident, the hacker breached the security network apparently for fun, cyber attacks have become a security threat across the country and the world, in general. In a policy guide for state legislators on cyber security — Understanding The Cyber Threat — AT&T and the National Cyber Security Alliance surveyed 103 state legislators from the United States. The survey found that one-third of the respondents agreed their “state’s current level of cyber risk is high.” The top three cyber security threats, identified in the report, were: criminal organizations within the U.S. (70 percent), political hacktivists (54 percent) and criminal organizations outside the U.S. (54 percent).

While nations and organizations spend millions to prevent themselves against cyber attacks, a phishing attack in the form of a fraudulent email where the hackers pose as legitimate organizations can easily trick people to share important information by clicking on malicious links or attachments. Phishing emails can target a user on any device.

Using stronger passwords can help prevent phishing attacks to an extent, however, there are several other solutions that the organizations are relying on to prevent such attacks.

Intrusion Prevent System (IPS) is one of the security solutions that block malicious activities at the network level. The IPS works in inline mode and is usually the first line of defense to Advanced Persistent Threat (APT), a prolonged attack by gaining network access to cause damage to network or organization.

“It contains a sensor that is located directly on the actual network traffic route which deep inspects all the network traffic as the packets pass through it,” according to Spiceworks, an online community of tech professionals.

While spam filters can also scan inbound emails for organizations, they cannot be relied upon to prevent sophisticated attacks. For such attacks, email sandboxes — that provide an isolated environment to replicate the end user — have become an increasingly reliable solution to detect threats from previously unknown sources. The sandboxes add several layers of checks to the incoming emails.