Remember meForgot password?
    Log in with Twitter

article imageNew phishing campaign targets gov’t departments around the world Special

By Tim Sandle     Dec 13, 2019 in Technology
Computer analysts have discovered a new type of phishing campaign which attempts to the take login credentials from government departments, targeting almost very civil service center around the world.
According to the Anomali research, the attacks have targeted at least 22 different organizations across U.S., Canada, Europe and Asia. The cyberattacks consist of emails purporting to be related to the targeted government agencies and attempts to fool users into clicking an e-mail link that sends them to authentic-looking (but fake) government agency websites. Here people unwittingly give away their username and password.
It is presently unclear who is behind the attacks or what their primary goals are. To understand more about the attacks, Digital Journal caught up with Peter Goldstein, co-founder of Valimail. alimail provides solutions to businesses in order to stop fake email, protecting brands, and helping ensure compliance.
Goldstein begins my emphasizing that the attacks represent something new: “This new global phishing campaign targeting government departments is a prime example of how sophisticated and convincing cyber-crime tactics have become, especially phishing attacks."
He also warns that this type of cyber-attack should not be underestimated, with too many people assuming that e-mail spoofs and other variants of phishing are easy to spot. Gone are the days of spam emails being worded badly; hacker have become more sophisticated.
With the specific case, Goldstein advises: "In this particular instance, the hackers are using advanced impersonation techniques and even writing emails in the targets’ native language, all with the aim of driving victims to spoofed websites that will steal the victims’ login credentials."
In terms of preventative actions, Goldstein recommends that enterprises "implement known best practices to proactively defend their inboxes, such as enforcing DMARC (Domain-based Message Authentication, Reporting & Conformance)." DMARC is a protocol that uses Sender Policy Framework, (SPF) and DomainKeys identified mail (DKIM) to determine the authenticity of an email message.
More about Phishing, Cybersecurity, Government, Cyberattack
Latest News
Top News