Latest in Gear

Image credit:

Most White House email domains could be vulnerable to phishing

A new report shows that many of them haven't even implemented security protocols.
Rob LeFebvre, @roblef
April 4, 2018
Share
Tweet
Share

Sponsored Links

Gary Blakeley

We can likely all agree that governmental cyber security is an important issue. While the Attorney General has created a task force to deal with election hacking, there have been plenty of digital security fails in the past year. And the FCC doesn't seem to care too much about data privacy, either. Now, according to a report from security firm Global Cyber Alliance (GCA), more than 95 percent of the email domains managed by the Executive Office of the President (EOP) — including WhiteHouse.gov — could be used in a phishing attack due to lax security protocol.

The top defense against email phishing and spoofing, says the report, is called the Domain Message Authentication Reporting & Conformance (DMARC). Only one of the domains from the EOP (Max.gov) has fully implemented this system. Seven domains have implemented DMARC at the lowest level ("none"), which does not prevent delivery of email from spoofed addresses. The security firm also says it found that 18 of the 26 domains haven't even started deploying DMARC. That means that scammers can easily use these official governmental email addresses to "steal money, trade secrets or even jeopardize national security."

"Email domains managed by the EOP are crown jewels that criminals and foreign adversaries covet," said GCA CEO Philip Reitinger in a statement. "The lack of full DMARC deployment across nearly every EOP email address poses a national security risk that must be fixed." The good news, he said, is that four new email domains have at least implemented the lowest level of DMARC, which might mean that the implementation of security might be moving forward. There still seems to be a ways to go, however, until all domains from the EOP are protected at the highest possible level.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Live PlayStation 5 photos reveal a truly giant console

Live PlayStation 5 photos reveal a truly giant console

View
Microsoft releases a final preview for Windows 10's October update

Microsoft releases a final preview for Windows 10's October update

View
The original Pixelbook is out of stock on the Google Store (updated)

The original Pixelbook is out of stock on the Google Store (updated)

View
Homeland Security warns of a 'critical' security flaw in Windows servers

Homeland Security warns of a 'critical' security flaw in Windows servers

View
Sony apologizes for botched PlayStation 5 pre-orders

Sony apologizes for botched PlayStation 5 pre-orders

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr