Most federal agencies doing nothing to fight phishing attacks
Section: Communications, Email / IM, Computers, Security
A new report is revealing that most federal agencies aren’t following security protocols that could prevent phishing attacks. The report by the Online Trust Alliance, a group of security companies working to fight email and Internet fraud, found that 56% of the 25 agencies it studied did not authenticate emails or domain names, leaving themselves open to phishing attacks.
Phishing is an epidemic these days. Government agencies and financial firms are common targets. Scammers send out fake emails that look like they came from them, often with links to spoofed sites that often look disturbingly legit. Anyone who falls for the scam has their personal info (social security numbers, credit card and banking info, log ons and passwords, etc) stolen. Some scammers simply clean out the victim’s bank account and run up huge charges on their credit cards. Others sell the info to other criminals for big bucks.
14 federal agencies, including the Department of Homeland Security, the Treasury, the FBI and the White House, earned failing grades in security, while the Bureau of Veterans Affairs, the Census Bureau and the IRS were among the agencies that passed. The IRS is one of the most popular targets of phishers, who send thousands of fake emails claiming the user is owed a substantial tax refund or stimulus payment.
Anyone else find it incredible that the Department of Homeland Security was found to have little or no computer security protocols in place? That doesn’t make one feel particularly secure about their ability to protect the company, does it? Hopefully the report will lead them to put those protocols in place.
Read [Nextgov]
Full Story » | Written by Sue Walsh for Gadgetell. | Comment on this Article »
