William Eichler 12 October 2017

Over 80% of councils leaving citizens exposed to ‘phishing attacks’, survey reveals

Over 80% of councils leaving citizens exposed to ‘phishing attacks’, survey reveals

Millions of citizens are exposed to the threat of phishing attacks, as new survey reveals 84% of local authorities in England lack adequate cyber defences.

The cloud data intelligence company OnDMARC analysed 152 council domains to assess whether they had implemented DMARC, the Government-backed protocol for securing email systems against phishing attacks.

The study discovered just one council in the North West had taken adequate steps to secure its domain against email impersonation, while in the East Midlands, London and the North East, just 11%, 15% and 17% respectively, demonstrated adequate security protection.

The failure of councils to secure their domains sufficiently contravenes the recommendations of the National Cyber Security Centre which stated last year, ’Widespread adoption of the DMARC protocol is essential to defend against targeted cyber threats.’

‘Without DMARC, local authorities’ email domains can easily be spoofed by criminals,’ said Randal Pinto, COO and co-founder, OnDMARC.

‘What this means for residents of some of England’s largest cities – including Birmingham, Liverpool and Bristol – is that they’re being put at risk of receiving fraudulent emails and thus falling victim to data or financial theft.

‘Whether you’re dealing with residents of the smallest local authority in the Isles of Scilly or Barnet, the largest borough of London, local authorities have an obligation to ensure their citizens aren’t a target for phishing attacks from spoofed Government email addresses.’

‘While a handful of councils have taken steps to secure their domains, more authorities need to heed the advice of GCHQ’s security arm by deploying DMARC,’ Mr Pinto continued.

‘HMRC has reported that 300 million phishing emails have already been blocked following DMARC deployment, keeping taxpayers secure from the threat of phishing attacks.’

comments powered by Disqus