DHS phished own employees with Redskins tickets

Spear-phishing is an easy and effective way for hackers to gain access to secure systems, with the only real defense being a well-educated workforce.

One means of training employees not to click on suspicious links in emails is to set up phishing stings — fake malicious emails that show them just how easy it is to become a victim.

"This email was in fact a mock spear-phishing campaign," he said during a speech at C4ISR's CyberCon on Nov. 18. "It bore many of the telltale signs, including an unusual from address and an embedded link."

Employees that clicked through the link received a follow-up message to come to a room in the building to receive their tickets.

"Our adversaries understand that human behavior can be exploited as a weakness," he added. "The answer to this particular big problem is pretty simple: raise awareness."

More In CyberCon

Space Force should consider alternative launch sites, lawmakers say

The House Armed Services Committee's fiscal 2025 defense policy bill highlights capacity concerns at DOD's Eastern and Western launch ranges.

Ukraine, Russia race to shield battle tanks from exploding drones

First-person-view drones threaten everything that moves on the front lines of Ukraine's defense against Russian invaders.

US Army experiments with long-endurance drones, balloons in Philippines

The Extended Range Sensing and Effects Company used Balikatan to test capabilities as it develops requirements for the force.

Lawmakers propose DIU-managed military testing and evaluation cell

The effort would begin as a three-year pilot program aimed at making it easier for high-need technologies to move through traditional testing processes.

Disinformation creates ‘precarious year for democracy,’ experts warn

Some of the messaging meant to sow division is reaching veterans and service members by preying on their sense of duty to the U.S.