A self-described “email prankster” in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official’s private email address unsolicited.
“Tom, we are arranging a bit of a soirée towards the end of August,” the fake Jared Kushner on an Outlook account wrote to the official White House email account of Homeland Security Adviser Tom Bossert. “It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening.”
Bossert wrote back: “Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is” (redacted).
Bossert did not respond to CNN’s request for comment; the email prankster said he was surprised Bossert responded given his expertise. The emails were shared with CNN by the email prankster.
White House officials acknowledged the incidents and said they were taking the matter seriously. “We take all cyber related issues very seriously and are looking into these incidents further,” White House press secretary Sarah Huckabee Sanders told CNN.
Cyber experts consulted by CNN say the incidents are illustrative of how vulnerable Americans — even those in the highest reaches of power — remain to the potential threat of spear-phishing, the process through which officials are duped by hackers, and expose government computers and systems to various cyber threats. No one in any of these situations clicked any links making them vulnerable, and the prankster appears motivated by mischief not anything more malignant, so the severity of these White House pranks should not be overstated. But spear-phishers often begin the process by falsely posing as a friend or associate before asking the victim to take further action.
“This shows how susceptible government officials are to spear-phishing in general,” Adam Malone, a former cyber specialist and special agent for the FBI, told CNN.
“Spear-phishing is the most common technique used by hackers to gain access to their victims. This information shines a light on how easy it is for people to build trust with unverified individuals.”
Former Hillary Clinton campaign chair John Podesta infamously fell victim to such a trap, though the person who preyed on him had more nefarious intentions than mockery.
“I try and keep it on the…