Almost one in four employees at Canada's Justice Department fell prey to internet phishing in an exercise last December.
Reporters at Canada's National Post newspaper uncovered an internal exercise, in which 5,000 employees were sent a mock phishing email to see if they would recognize an online scam. Nearly two thousand clicked on the embedded links, representing 37 percent of recipients.
The internal test, details of which were obtained under the Access to Information Act, was part of a series of exercises that escalated in sophistication. Those who fell foul of the test emails were shown an alert screen, educating them on the dangers of phishing.
More of the tests were conducted in February and April, and the number of employees falling for these tests dropped by half, indicating that the awareness campaign was working.