WT Business Beat

By Nick Wakeman

Blog archive
Nick Wakeman

State looking to go on phishing expedition

The State Department is looking for a service to launch simulated phishing attacks on its employees as a training tool.

In a new sources sought notice, State is looking for a “phishing as a service” solution that would send emails to up to 190,000 users through the department, including those posted overseas.

Phishing is the malicious practice of trying to acquire information such as usernames and passwords by posing as a trustworthy entity.

In the scenario laid out in the State Department RFI, the contractor would send emails to state.gov addresses with embedded links back to the contractor.

If you click through, you would be hit with immediate training including awareness of the mistake you made and information on proper procedures to follow in the future.

In essence, the State was to test its employees to see how likely they are to fall for a phishing attack.

The phishing as a service contractor will have its systems completely separate from the State Department, so there will be no co-mingling of data.

The contractor also will have to identify common threat vectors and other vulnerabilities in State systems.

Responses to the RFI are due March 7.



Posted by Nick Wakeman on Feb 29, 2016 at 9:26 AM

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

WT Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.