".Gov" Emails And Their Social Engineering Value To Online Criminals

Washington County, Arkansas officials recently announced that the county's network was hit with a cyberattack, but that the hackers were not able to get into the system. The county is speculating that the hackers were trying to get into the system so they could send out emails with the ".gov" address.

On a Friday, county officials noticed the email system was not working correctly. The IT department was able to shut down all attempts to get into the system.

That weekend, from Friday to Sunday, there were 64,000 attempts to get into the email system. County officials say that number is not as big as it seems. "These attacks, sadly, are so common," said a county spokesperson. "It's become part and parcel for any business municipality."

Attacks against any public-facing servers may be common, but the county takes all attack attempts seriously. "Washington County hit with cyber attack" 4029tv.com (Dec. 18, 2023).

 

Commentary

 

A .gov email lends credibility to phishing attempts. If a phishing email comes from a government entity with a .gov address, targets are more likely to open it. By combining a false community threat with a .gov address, criminals have a remarkably strong phishing scheme.

This incident highlights two learning opportunities that serve as reminders for organizations to always be vigilant.

There is no suggestion that the cybercriminals penetrated the county's email servers, but they clearly were attempting to do so by unleashing thousands of attempted logins. This caused a slowdown in server performance, which users detected and reported to IT.

When systems are otherwise operating normally and then begin operating abnormally, something is amiss. A slowdown right before the weekend was enough to alert IT to investigate.

Had the attack happened on the weekend when fewer users could have noticed the slowdown, the attempted penetration might have turned out differently.

The second lesson comes from the location and possible purpose of the attack. Malicious emails remain far and away the preferred method of tricking authorized users into allowing malware to enter a protected network.

Threats via email remain popular because they work. They are hidden in an email coming from an otherwise trusted sender, such as one with an address ending in .gov or .edu. Unwary users can be tricked into opening such emails. Once in, malware could be used to harvest account names, numbers, and passwords, leaving the organization open to identity theft or other financial losses.
