Most White House email domains could be vulnerable to phishing

A new report shows that many of them haven't even implemented security protocols.

We can likely all agree that governmental cyber security is an important issue. While the Attorney General has created a task force to deal with election hacking, there have been plenty of digital security fails in the past year. And the FCC doesn't seem to care too much about data privacy, either. Now, according to a report from security firm Global Cyber Alliance (GCA), more than 95 percent of the email domains managed by the Executive Office of the President (EOP) — including WhiteHouse.gov — could be used in a phishing attack due to lax security protocol.

The top defense against email phishing and spoofing, says the report, is Domain-based Message Authentication, Reporting & Conformance (DMARC). Only one of the domains from the EOP (Max.gov) has fully implemented this system. Seven domains have implemented DMARC at the lowest level ("none"), which does not prevent delivery of email from spoofed addresses. The security firm also says it found that 18 of the 26 domains haven't even started deploying DMARC. That means that scammers can easily use these official governmental email addresses to "steal money, trade secrets or even jeopardize national security."
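The difference between the policy levels described above can be checked from a domain's `_dmarc` TXT records. This Python sketch is an added example, not code from the GCA report or the original article: it parses constructed records for placeholder domains and labels each domain's posture. The status labels, the sample records and the choice to count only `p=reject` applied to all mail as "enforced" are assumptions of this example.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return the tag dict of one TXT string, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the first tag must be v=DMARC1, otherwise this is some other TXT record.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:  # fragments without '=' are ignored
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def classify(txt_records):
    """Label a domain: missing, invalid, monitor-only, partial or enforced."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return "missing"       # DMARC deployment has not started
    if len(records) > 1:
        return "invalid"       # several DMARC records: receivers apply none of them
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid"
    if policy == "none":
        return "monitor-only"  # reports only, spoofed mail is still delivered
    pct = tags.get("pct", "100")
    if not pct.isdigit():
        return "invalid"       # simplification: flag a malformed pct instead of defaulting
    if policy == "reject" and int(pct) == 100:
        return "enforced"
    return "partial"           # quarantine, or reject applied to only part of the mail


SAMPLE = {  # constructed TXT answers for placeholder domains
    "a.example": ["v=spf1 -all"],
    "b.example": ["v=DMARC1; p=none; rua=mailto:reports@b.example"],
    "c.example": ["v=DMARC1; p=quarantine; pct=50"],
    "d.example": ["v=DMARC1; p=reject"],
    "e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}


def audit(domains):
    """Map each domain to its DMARC status."""
    return {domain: classify(records) for domain, records in domains.items()}
```

Calling `audit(SAMPLE)` returns one label per domain; in a real audit the record lists would come from TXT lookups of `_dmarc.<domain>`.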

"Email domains managed by the EOP are crown jewels that criminals and foreign adversaries covet," said GCA CEO Philip Reitinger in a statement. "The lack of full DMARC deployment across nearly every EOP email address poses a national security risk that must be fixed." The good news, he said, is that four new email domains have at least implemented the lowest level of DMARC, which might mean that deployment is moving forward. There still seems to be a long way to go, however, until all domains from the EOP are protected at the highest possible level.