Washington Technology reports on a high-tech war game at the U.S. Military Academy at West Point that featured an unusual enemy: Internet scammers. The Wall Street Journal called the exercise "good guys masquerading as bad guys pretending to be good guys." (If you think about the Citigroup ads for identity theft, this makes much more sense) It was all part of a larger effort to make West Point cadets more aware of phishing scams that appear to have originated from a well-known source.

There's clearly a lot of training yet to do -- "We got an 80% click rate on the first test e-mail, sent to 400 West Point cadets... Subsequent exercises with as many as 3,000 cadets produced lower response rates, but the rates did not drop sharply." (In all fairness, though, the phony e-mails included the name of a West Point colonel, and everybody knows that you don't disobey a direct order from a higher-ranking officer)

The top-ranking Internet security official of New York state also reported similar findings in tests of 10,000 state employees in five departments. The government employees were especially susceptible to "spear phishing" attacks, in which the scammers targeted a specific organization. Basically, if people working in the cubicle next to you get the same message as you do, and the e-mail appears to be coming from your boss, it's an easy trap to fall into...