http://www.nextgov.com/cybersecurity/2014/06/fake-dot-gov-webmail-used-phishing-scam-hack-epa-and-census-staff/86374/?oref=ng-HPtopstory
By Aliya Sternstein
Nextgov.com
June 12, 2014
A Nigerian man has admitted to compromising the email accounts of federal
employees to order agency office products that he then sold on the black
market, according to newly filed court papers.
Abiodun Adejohn and conspirators cheated government supply vendors out of
almost $1 million worth of goods through the scheme.
The hackers broke into the accounts through a series of impersonations
targeting Environmental Protection Agency and Census Bureau staff. First,
they sent the employees "phishing" emails purporting to be from government
agencies that contained links to seemingly legit agency webmail login
pages. But the webpages actually stole usernames and passwords the
employees entered.
Many federal agencies are vulnerable to this type of mimicry because of
poor cyber hygiene, according to a report released Wednesday. Analysts at
the Online Trust Alliance found that many federal webpages and email
addresses are missing encryption and verification protections that could
prevent phishing scams.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
