Breaking News Emails
It just goes to show: You never know who you're really talking to over e-mail.
A British e-mail prankster reportedly tricked some White House officials, including newly departed communications director Anthony Scaramucci, into believing they were chatting with other members of the Trump administration.
Byers Market Newsletter
The e-mail prankster, who goes by @SINON_REBORN on Twitter, has been tweeting some of the alleged e-mail exchanges, which were first given to CNN. White House Press Secretary Sarah Huckabee Sanders told the network: "We take all cyber related issues very seriously and are looking into these incidents further."
Scaramucci did not immediately respond to NBC News' request for comment. In another e-mail given to CNN, the prankster claims to have posed as Jared Kushner, inviting Homeland Security Adviser Tom Bossert to a "soiree" in August and promising food similar to what they ate in Iraq.
"Thanks, Jared. With a promise like that, I can't refuse," Bossert allegedly replied, also including his personal email.
"I’m sure they’re not terribly thrilled to have fallen prey to this sort of thing and I hope it’s a reminder that everybody needs the security training," Michael Daniel, president of the Cyber Threat Alliance and former cyber security coordinator in the Obama Administration, told NBC News.
Other cyber experts agreed that while the tactic was simple, it's one that is still snaring people around the world every day.
"Even very well-educated individuals, even those educated about the target on their back, still fall victim," Evan Blair, co-founder of security firm ZeroFOX, told NBC News.
"You are not going to hack the White House directly — but humans are still the weakest link. They make a judgement call and decide how to engage and interact," he said.
While the alleged White House e-mail prankster seemed to relish the attention, other cyber attackers go after their victims for even more nefarious reasons — often to steal sensitive information.
Robert Siciliano, CEO of IDTheftSecurity.com, told NBC News knowing the signs of a spear phishing email is key to protecting yourself.
"There are often telltale signs that one can look for to determine if an email communication is real or fake, but nine out of ten times, nobody is looking for these red flags," he said.
The best defense, Siciliano said, is to be suspicious of any messages you receive. Check the email address. It may say it's from the President, but you'll want to closely examine the address to make sure something isn't askew.
"Emails that are toying with emotions, pushing buttons, getting you all riled up, should always be suspect," Siciliano said.
And don't be so quick to click on any links. While it may be highlighted and say "www.bankofamerica.com," Siciliano said that link could easily go to "www.anyscam.com," for example.
Blair said the story serves as a "teachable moment for everybody — especially people who are in positions of importance in enterprise and government."
"It’s a big problem. For the most part, you’re relying on the individual user to determine the legitimacy of the email," he told NBC News.
"Anything you put out there about yourself is going to be used against you. From an information security standpoint, the security team needs to start addressing the human element of security vulnerability, not just the technical. I think we’re seeing that trend occurring."