Sophisticated Phishing Scams Putting Secrets at Risk, Foreign Affairs Says

Sophisticated Phishing Scams Putting Secrets at Risk, Foreign Affairs Says
Foreign Affairs Minister Chrystia Freeland arrives to speak to the media in Hamilton, Ont., on Nov. 8, 2018. The Canadian Press/Nathan Denette
The Canadian Press
Updated:

OTTAWA—Canada’s Global Affairs Department says too many of its employees are being deceived by digital scams—a “serious problem” that could see sensitive information end up in the wrong hands.

The increasingly sophisticated phishing campaigns—which fool users into revealing passwords and other closely guarded data—are targeting email, texting, and social media accounts, the department says.

Global Affairs plans to hire a company to test employees with phoney phishing messages to raise awareness and stamp out the electronic scourge.

In a tender call on Nov. 19, the department said workers who click on tempting but bogus links would be directed to educational resources to help them identify telltale traits of such messages and report them to officials.

The move comes as organizations of all kinds become more conscious of threats from cyber criminals and state-sponsored hackers out to make a quick buck or steal valuable secrets.

Global Affairs warns a successful attack could lead to everything from a malware infection or loss of information to a complete shutdown of a government network that would disrupt operations.

“Even worse, sensitive information in the wrong hands could potentially put our staff or partners in physical danger,” the bid solicitation says.

“It is important for staff members to understand that they must do their part to prevent successful phishing attacks.”

The department has more than 10,000 employees spread across Canada and 178 missions in more than 100 countries, providing consular assistance to Canadians and administering international programs.

It wants the chosen company to run three tests per fiscal year and provide statistical summaries of the results.

The reports would include aggregate numbers on those who took the clickbait—excluding individual results—by region, branch, and directorate, the bid documents say. “The data collected will produce statistics that will allow us to evaluate our state of readiness against real attacks.”

Four years ago, hackers used emails, malware, and password theft to worm their way into National Research Council computers in pursuit of valuable scientific and trade secrets.

Government officials took the unusual step of openly blaming the intrusion on a highly sophisticated, Chinese state-sponsored player. Beijing denied involvement, accusing Canada of making irresponsible charges.

The Canadian Security Intelligence Service has since warned China and Russia routinely target Canada’s classified information and advanced technology as well as its government officials and systems.

Federal officials are also wary of foreign attempts to interfere with Canada’s democratic institutions and electoral processes.

Last year, Elections Canada put out a call for a company to run a simulated phishing program to create awareness among staff.