White House fooled by email prankster - Mimecast cyber-resilience expert responds
Following the news that a British “email prankster” fooled several White House officials into thinking that he was one of them, Mimecast cyber-resilience expert Hiwot Mendahun comments that better security measures and training must be implemented to prevent further hoaxes.
Back in July, the prankster reportedly posed as the recently fired Chief of Staff, Reince Priebus, and engaged in an email spat with the also recently fired but then newly hired White House director of communication, Anthony Scaramucci, after Scaramucci had insulted Priebus to a reporter.
Calling himself ‘@SINON_REBORN’, he then posted the email exchange on Twitter.
The prankster also posed as ambassador to Russia-designate Jon Huntsman, and caught out Homeland Security Adviser Tom Bossert, the White House official tasked with cyber security. Jared Kushner was also targeted.
Bossert is then said to have given the fake Kushner his email address.
Speaking to CNN, White House press secretary Sarah Huckabee Sanders acknowledged the incidents and said they were being treated seriously. "We take all cyber related issues very seriously and are looking into these incidents further," she said.
The only person who realised he was a hoaxer was Eric Trump. After initially believing he was being emailed by his brother Donald Trump Jr, he soon caught on and responded: "I have sent this to law enforcement who will handle from here."
Commenting on the hoax, Hiwot Mendahun, a cyber-resilience expert at email security firm Mimecast, said:
"Email connects the world's leaders, businesses and everyday individuals, whatever their status or intent, yet was never designed with security in mind. This prank follows a rise in similar attacks asking for wire transfers or confidential data like HR records or tax information. Spear phishing and impersonation attacks are easy to launch with free email addresses or by registering lookalike domains. Mobile email users are particularly vulnerable. All organisations need to consider stamping external emails with simple warnings and conduct regular training to help employees recognise possible scams."