A self-styled "email prankster" based in the U.K. fooled senior White House officials into thinking he was other officials. On one occasion, the prankster convinced a White House official tasked with cyber security that he was President Donald Trump's son-in-law Jared Kushner and received that official's private email address unsolicited.
"Tom, we are arranging a bit of a soirée towards the end of August," the prankster wrote to Homeland Security Adviser Tom Bossert on an Outlook account purportedly belonging to Kushner. "It would be great if you could make it, I promise food of at least comparible [sic] quality to that which we ate in Iraq. Should be a great evening."
Bossert replied: "Thanks, Jared. With a promise like that, I can't refuse. Also, if you ever need it, my personal email is" [redacted].
The email prankster shared the emails with CNN, noting he was surprised Bossert responded given his expertise. The prankster also posed as former White House Chief of Staff Reince Priebus and had a lengthy conversation with Anthony Scaramucci, who at the time was serving as the White House Communications Director before he was fired yesterday. The prankster posted several screenshots of his communications with Scaramucci to a Twitter account.
The prankster also spoke to Scaramucci while masquerading as Russian ambassador-designate Jon Huntsman.
White House Press Secretary Sarah Huckabee Sanders acknowledged the incidents. "We take all cyber related issues very seriously and are looking into these incidents further," she said.
Cyber experts say the incidents demonstrate how vulnerable officials are to spear-phishing tactics, which hackers often use to gain access to private information. "This shows how susceptible government officials are to spear-phishing in general," said Adam Malone, who formerly worked as a former cyber specialist and special agent for the FBI. "Spear-phishing is the most common technique used by hackers to gain access to their victims. This information shines a light on how easy it is for people to build trust with unverified individuals."