Latest in Gear

Image credit: Gary Blakeley

Most White House email domains could be vulnerable to phishing

A new report shows that many of them haven't even implemented security protocols.
222 Shares
Share
Tweet
Share
Save

Sponsored Links

Gary Blakeley

We can likely all agree that governmental cyber security is an important issue. While the Attorney General has created a task force to deal with election hacking, there have been plenty of digital security fails in the past year. And the FCC doesn't seem to care too much about data privacy, either. Now, according to a report from security firm Global Cyber Alliance (GCA), more than 95 percent of the email domains managed by the Executive Office of the President (EOP) — including WhiteHouse.gov — could be used in a phishing attack due to lax security protocol.

The top defense against email phishing and spoofing, says the report, is called the Domain Message Authentication Reporting & Conformance (DMARC). Only one of the domains from the EOP (Max.gov) has fully implemented this system. Seven domains have implemented DMARC at the lowest level ("none"), which does not prevent delivery of email from spoofed addresses. The security firm also says it found that 18 of the 26 domains haven't even started deploying DMARC. That means that scammers can easily use these official governmental email addresses to "steal money, trade secrets or even jeopardize national security."

"Email domains managed by the EOP are crown jewels that criminals and foreign adversaries covet," said GCA CEO Philip Reitinger in a statement. "The lack of full DMARC deployment across nearly every EOP email address poses a national security risk that must be fixed." The good news, he said, is that four new email domains have at least implemented the lowest level of DMARC, which might mean that the implementation of security might be moving forward. There still seems to be a ways to go, however, until all domains from the EOP are protected at the highest possible level.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
222 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Neo Geo retro stick console includes 'King of Fighters,' 'Samurai Shodown'

Neo Geo retro stick console includes 'King of Fighters,' 'Samurai Shodown'

View
Watch the 'Android' Nokia phone that never had a chance to exist

Watch the 'Android' Nokia phone that never had a chance to exist

View
TiVo tries running pre-roll ads before your recorded shows

TiVo tries running pre-roll ads before your recorded shows

View
YouTube CEO apologizes for channel verification mess (updated)

YouTube CEO apologizes for channel verification mess (updated)

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr