Self-described "email prankster' fooled White House officials into thinking he was a fellow official. Using his spear-phishing tactics for "mirth not malice", he was able to extract a cyber security official's private email address unsolicited by pretending to be Jared Kushner.
Although this is a prank, the same tactics can be used to cause real harm to people and their organizations.
White House officials acknowledged the incidents and said they were taking the matter seriously. "We take all cyber related issues very seriously and are looking into these incidents further," White House press secretary Sarah Huckabee Sanders told CNN. Cyber experts consulted by CNN say the incidents are illustrative of how vulnerable Americans -- even those in the highest reaches of power -- remain to the potential threat of spear-phishing, and expose government computers and systems to various cyber threats. No one in any of these situations clicked any links making them vulnerable, and the prankster appears motivated by mischief, so the severity of these White House pranks should not be overstated. But spear-phishers often begin the process by falsely posing as a friend or associate before asking the victim to take further action.