IAG Insurance attempts to scam own employees - but not in a bad way

01 Jun 17

The country's largest insurer is sending fake phishing emails to its own staff. Not to scam them into giving back their wages, but to test them on their cyber security awareness.

Mark Knowles, director of cyber security and risk at IAG New Zealand, said the firm began sending fake emails several months ago as part of a company-wide approach to cyber security and awareness of online scams.

All of IAG’s 3500 staff are sent a phishing email once a month, and those who click on links are then sent an instant reminder to undertake cyber security training. It’s a great way to get employees clued up, but could be pretty embarrassing for those employees when they realise. Still, better safe and sheepish than legitimately attacked.

Knowles said they began the programme with an easy scam - an email about a turkey recipe for the American holiday Thanksgiving.

"We started with something quite simple," he says.

Not many people fell for the first one but the second scam, which was more elaborate, got a few bites.

Knowles would not say how many staff were tricked into clicking the second time around, citing security reasons.

"I'm not too keen to let people know how many people clicked on the phishing email. The number to start with was really low," he says.

"The more important part was that it raised awareness across all staff not just about phishing emails but security."

It also prompted more people to click on its internal cyber security warning button which automatically sends a notice to its cyber defence centre.

Knowles said the system helped the company to identify the kinds of scams that everyday people would be most likely to fall for.

It also created a whole team of people looking out for scams across the company rather than just having a small team focused on it.

Staff are not punished for clicking on the fake scam emails, but those who identify emails as malicious are rewarded.

He would not say how many scams the company has caught but said there were a lot going on all the time.

"These campaigns are running by adversaries all the time."

Last week’s global WannaCry scam was just the latest cyber attack, and Knowles said it served as a reminder for companies and individuals to be aware of the risks.

Knowles said another reason the company was training its staff to recognise scams was to help make people safer at home, which also protected the company, due to the number of people that brought devices such as phones and tablets into and out of the office each day.

The insurer is also not alone in using fake email scams on its staff.

"I know some of the banks do," said Knowles.

He said corporates were also sharing scam warnings with each other, despite their competitive nature.

"We do talk to each other. It is the good guys versus the bad."
