Twitter Is Tricking Its Own Employees Into Clicking On Spam Mail

Following the Sony Pictures Hack, Xbox hack and others, large tech companies are now using slightly unorthodox methods to clue their employees up on the possible vulnerabilities that still lie within the company.

Those vulnerabilities are the employees themselves. By clicking on spam emails, employees are opening up a door that hackers are increasingly using as a way to access large corporate systems.

To try and plug this hole, Twitter is actually sending its employees fake spam in a campaign that hopes to raise awareness and increase security within the company.

The move comes off the back of a recent study by the Online Trust Alliance which found that out of the 1,000 breaches in the first half of 2014, 90 percent were preventable and more than 1 in 4 were caused by employees.

Phishing is increasingly becoming a high-risk problem for employers and Twitter isn't the only company that's using the practise to try and educate its workers.

Wombat recently sent out a spate of fake phishing emails disguised as internal IT error messages. The emails would appear as though they were official, claiming that the user's account was about to be locked as they had sent too many undeliverable emails.

At the bottom would be a link that the user could click to re-activate the account. Normally in this situation the link would then be the entry point for the attack, however in this case it simply pops up with a message saying,

"Oops! The email you just responded to was a fake phishing email. Don't worry! It was sent to you to help you learn how to avoid real attacks. Please do not share your experience with colleagues, so they can learn too."

At the moment the only solution is to create a universal verification system that's adopted by all the providers including Google, Facebook and others. However this is a long way off and so for now, fake phishing campaigns are the most direct way to raise awareness.