The US government still doesn’t know how to protect itself from basic phishing attacks

Even after data breaches at multiple agencies and overall vows to do better on cybersecurity, government employees continue to be duped by cyber attackers’ phishing emails. A New York Times report today says over the past month, Iranian hackers successfully used spear phishing emails — specifically designed messages meant to convince a victim to enter account credentials — against State Department officials to gain access to their social media and email accounts. Staffers only discovered their accounts were compromised when Facebook alerted them to suspicious activity. Apparently none of them used two-factor authentication. Iran allegedly targeted these government workers, who focused on Iran and the Middle East, to gain access to their…

Continue reading…