The cybersecurity firm Proofpoint just released a frightening statistic. One out of every eight emails you will receive with what looks like a government address is not a government address. They are phony and are sent by hackers and spammers.
Proofpoint said about 10% of the one in eight are from IP addresses outside of the U.S.
The company doesn’t name names but did say close to 300 agencies were “spoofed,” as the company puts it. A whopping 80% of the spoofed emails purporting to come from one of the agencies came from a Russian IP address.
That 80% is significant when considering the volume of emails checked. Proofpoint looked at 70 million messages from federal, state and local government email addresses.
Part of the point of Proofpoint’s survey has to do with a new email security system being put into play for federal agencies by the Department of Homeland Security. It’s called DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance. Here’s how it works. When an email arrives, the receiving mail server queries the sender’s email domain to ask whether the sender is legitimate. Depending on the response, DMARC can then determine whether the email is sent to a spam folder or not delivered at all.
Currently close to 85% of the email inboxes for Google’s Gmail, Microsoft’s Outlook and Yahoo Mail use the DMARC system. It is the tool that Homeland Security hopes will keep federal employees from opening phishing emails and that will keep hackers from being able to send them.
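The receiver-side check described above, sketched as an added example (it is not from Proofpoint, DHS, or the original article). It simplifies DMARC: the organizational domain is taken as the last two labels rather than from the Public Suffix List, the pct and sp tags are ignored, and example.gov, attacker.example and the records are constructed placeholders.

```python
# Added example: simplified receiver-side DMARC evaluation.
# Domains and records are constructed placeholders, not real data.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags if tags.get("p") in ("none", "quarantine", "reject") else None

def org_domain(domain):
    # Assumption: naive last-two-labels rule; real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(from_domain, record_txt, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) tuples from earlier checks."""
    policy = parse_dmarc(record_txt) if record_txt else None
    if policy is None:
        return "no-policy"  # domain publishes no DMARC record; local filtering decides
    # A pass only counts if the authenticated domain aligns with the visible From domain.
    spf_ok = spf[0] and aligned(from_domain, spf[1], policy.get("aspf", "r"))
    dkim_ok = dkim[0] and aligned(from_domain, dkim[1], policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"
    # p=none is monitor-only, so a failing message is still delivered.
    return {"none": "deliver", "quarantine": "spam-folder", "reject": "reject"}[policy["p"]]

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; rua=mailto:dmarc@example.gov"
    # SPF passes, but for an unrelated domain, so the spoofed From address is rejected.
    print(evaluate("agency.example.gov", record, (True, "mail.attacker.example"), (False, "")))
    # SPF passes for a domain under the same organizational domain: delivered.
    print(evaluate("agency.example.gov", record, (True, "bounce.example.gov"), (False, "")))
```
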
Part of the reason for Proofpoint’s and the federal government’s concern is reflected in a new study done by Google. It identifies phishing as one of the three biggest current online threats to businesses and individuals.
Hackers — the Google study shows — grabbed 12 million credentials between March of 2016 and March of 2017. Then Google delved into why and it came down to three reasons:
• Phishing
• Keylogging (surveillance software)
• Third-party breaches
The worst is third-party breaches with 3.3 billion attacks. Keylogging accounted for 778,000 and phishing hit 12 million.
Source links: TechTimes, NextGov