Menu
Belgian government phishing test goes off-track

Belgian government phishing test goes off-track

A drill caused confusion when a regional government impersonated a rail company without informing it

Digital key

Digital key

An IT security drill went off the tracks in Belgium, prompting a regional government office to apologize to European high-speed train operator Thalys for involving it without warning.

Belgium's Flemish regional government sent a mock phishing email to about 20,000 of its employees to see how they would react.

The email purported to be a booking confirmation from Thalys for a trip from Brussels to Paris, including a stay in a fancy hotel. The cost -- almost €20,000 (about US$22,000) -- would be charged to the recipient's credit card unless the person cancelled within three days, the email said.

To cancel the trip, the email instructed recipients to send their credit card information to Thalys, Belgian media reported.

Rather than hand over such information, though, government employees started calling Thalys to complain, to the bewilderment of its staff: The government had neglected to inform Thalys of the drill and nobody in the company's call center knew what was going on.

Some government employees also reported the matter to the police.

Frank Geets, the Flemish government's administrator-general for facility management, said the government went a bit off the rails by not informing Thalys of the drill.

"We made the mail as realistic as possible and used Thalys' logo. But actually, we did not have their permission to do so," Geets told Flemish news channel VTM, adding that the government has apologized to Thalys for "being a bit overzealous."

While phishing attacks against staff are a perennial problem for large organizations, training to defend against them needs to be done with care and forethought. The Flemish government is not the first to discover this: An anti-phishing exercise by a U.S. Army commander went farcically wrong last year.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentThalys

Featured

Slideshows

Tech industry comes out in force as Lancom turns 30

Tech industry comes out in force as Lancom turns 30

A host of leading vendors and customers came together to celebrate the birthday of Lancom Technology in New Zealand, as the technology provider turned 30.

Tech industry comes out in force as Lancom turns 30
The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Show Comments