Postal Service employees are still being fooled by infected phishing emails nearly a year after a hacker exposed the personal information of more than 800,000 workers, a federal watchdog reported Wednesday.
Postal Service employees failed a test to identify and report phishing emails – fake messages that contain destructive digital viruses – likely due to their lack of cybersecurity training, the agency’s inspector general said.
“The Postal Service’s information security training related to phishing was not effective,” the IG said. Trained employees watched a video that “showed how users should right-click and delete a phishing email,” but not how to identify or report one.
A fake phishing email was sent by investigators to 3,125 Postal Service employees. Only seven percent followed Postal Service requirements by reporting the message.
A quarter of the recipients clicked the link, which could have compromised the Postal Service’s network had the phishing email been real.
Only 139 of the employees tested had completed the Postal Service’s annual cyber training.
Postal Service managers, however, noted that they “received over 100 reports of the phishing email within the first hour,” the report said.
“About 156 million phishing emails are sent globally every day,” the report said. “In 2014, phishing email attacks caused about 18 percent of cyber intrusions.”
Phishing scams likely caused the breaches at the Postal Service and at the Office of Personnel Management, which exposed more than 22 million current and former federal workers’ personal information.
The Postal Service’s training included phishing lessons after the IG’s audit, but only a minority of Postal Service employees got the instruction.
“Current policy does not require all employees with network access to complete the annual information security awareness training,” the IG said.
Without universally required training, “users may not be aware of how to appropriately respond to and report phishing emails, which increases the risk of a cyber intrusion,” the report said. “According to a recent study, information security awareness training could reduce security-related risks by up to 70 percent.”
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact email@example.com.