Sign in / up

back to article Hacked US Census Bureau staff to take anti-phishing classes

The US Census Bureau has asked for additional IT security training for its staff – including tips on how not to fall for phishing emails – in the wake of last week's server breach. The bureau said in a blog post over the weekend that the hackers who managed to pull employee records from its computers did so by targeting the …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. CrosscutSaw

    Over here

    I want to sign up my end users too!

    1 0 Reply
  2. Captain DaFt

    M'kay

    And the instructor is a Mr. Mackey, I presume?

    Seems like the type for the job.

    0 0 Reply
  3. John Tserkezis

    training and support portal? REALLY!?

    That's what they're doing to "stop" phishing attacks?

    Said it before, and I'll say it again: Good Luck With That.

    1 0 Reply
    1. Mark 85
      Reply Icon

      Re: training and support portal? REALLY!?

      Users are a big part of the problem.. now that all their email addys are out there it'll be even worse. But there's always those who will click on things because "they might be important".

      2 0 Reply
      1. Yet Another Anonymous coward Silver badge
        Reply Icon

        Re: training and support portal? REALLY!?

        And there will be organisations that tell their users "don't click on suspicous attachments" and then email important pay/pensions forms as word doc named PDQQ-6756-BHG.docx

        If you let infected files/links into your system and rely on regular users to spot them and not click - it isn't the users' fault. It's like telling them that some of their computers might have faulty PSUs with dangerous voltages on the keyboard and that they should "be careful".

        5 0 Reply
        1. Mike007 Bronze badge
          Reply Icon

          Re: training and support portal? REALLY!?

          "And there will be organisations that tell their users "don't click on suspicous attachments" and then email important pay/pensions forms as word doc named PDQQ-6756-BHG.docx"

          My bank sends me monthly emails saying my statement is now available online, with a "convenient" link to the login page to check it. Fucking idiots.

          0 0 Reply
      2. The little voice inside my head
        Reply Icon

        Re: training and support portal? REALLY!?

        Pressure for not letting anything escape, right, a form of social engineering, bad guys rely on the good spirit of people to try to scrutinize their work because they care, unless the email says "I love you". That is the other type of people and their mentality towards work, also an efficient way of hacking via social engineering. Just how much effort does it take for developers to create their programmes with security as priority? Are new developers being taught this? That's part of the mediocre mentality of rushing a product to the market just because people are now "used" to applying patches and all kinds of malfunctions are expected as long as they deliver a fix in a timely fashion.

        1 0 Reply
  4. auburnman

    I'd like to see the trainer actively try to fish the users he's training, along the lines of "my laptop is broken, can I run the presentation from yours? I'll just need your user ID and password." Would be interesting to see how many people would have the wisdom to know that's not a good idea and the balls to say no in front of a group.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like