U.S. Department of Justice staff are just like you and me—their retirement plan took a hit in the economic downturn. So when they got an email saying they might qualify for bailout money, some of them responded.

Unfortunately, the response required them to enter their account information at a fake website. Fortunately, the site was set up by their own employer. It was a test to see how many staff would fall for a phishing scheme.

Apparently, the test ended there. But the department could have turned the fake site into an interesting mini-lesson and used it to market their privacy course. Here’s one approach.

1. Separate the clueless from the savvy [Read more...]