Report: Justice Department sends hoax e-mail to test workers

DOJ phishing e-mail that entices federal employees to provide sensitive financial information turns out to be a test of their security awareness.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills

A U.S. Department of Justice e-mail that phished for sensitive information from federal workers was a hoax that the agency sent out to test its own security awareness, according to a report.

The e-mail, sent two weeks ago to Justice Department employees, directed recipients to a Web site that prompted them to supply account information related to the federal retirement savings program, the Associated Press reported.

"We have learned that the messages are part of a hoax invented and distributed by DOJ to test employee security awareness," Ted Shelkey, assistant director for information systems security, wrote in an e-mail to the AP on Wednesday.

Justice Department spokeswoman Gina Talamona confirmed that the e-mail was a security test.

"Scenarios are intended to represent an example of persistent cyberthreats facing today's Internet users," she told the news service. Talamona did not immediately return a call seeking comment on Friday and Shelkey could not be reached.

Updated 4:25 p.m. PST: After this story was published, the DOJ's Gina Talamona called CNET News and said the test was conducted from January 25 to January 27. "We conduct periodic exercises to test the security posture of our information users...as a tool to train and educate employees." The DOJ has been doing it for about three years, she added.