Email fraud is becoming more frequent and more sophisticated, including greater use of a tactic to which federal agencies are especially vulnerable: making emails appear to come from within the targeted organization, according to the IT security firm Proofpoint.
Along with “payment,” the most common words in fraudulent emails are terms commonly used inside government, including “request” and “urgent,” a report said. Also, “the number of people targeted within each organization continues to rise,” including through messages purporting to come from high-level offices within the organization.
Nearly one in every eight emails appearing to be sent from a federal agency domain is fraudulent, it said, with common techniques for misleading readers including swapping letters, adding or deleting a letter, or adding a hyphen to a legitimate domain.
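A defender-side check for the lookalike tricks just described, as an added example that is not from the report or the article; the agency domains in the allow-list are constructed placeholders:

```python
"""Flag sender domains that imitate a legitimate agency domain by one edit:
swapped letters, an added or deleted letter, or an inserted hyphen."""

# Constructed allow-list of legitimate domains (placeholders, not real agencies).
LEGIT_DOMAINS = {"agency.gov", "bureau.gov"}

def _single_insert(short: str, long: str):
    """Index in `long` of the one character whose removal yields `short`, else None."""
    for i in range(len(long)):
        if long[:i] + long[i + 1:] == short:
            return i
    return None

def lookalike_kind(candidate: str, legit: str):
    """Classify the single edit turning `legit` into `candidate`.

    Returns "transposition", "insertion", "deletion" or "hyphenation",
    "identical" for an exact match, None when the domains are unrelated.
    The whole domain is compared, so a different TLD never matches.
    """
    c, l = candidate.lower().strip(), legit.lower().strip()
    if c == l:
        return "identical"
    if len(c) == len(l):
        diffs = [i for i, (a, b) in enumerate(zip(c, l)) if a != b]
        if (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and c[diffs[0]] == l[diffs[1]] and c[diffs[1]] == l[diffs[0]]):
            return "transposition"
        return None
    if len(c) == len(l) + 1:
        i = _single_insert(l, c)
        if i is None:
            return None
        return "hyphenation" if c[i] == "-" else "insertion"
    if len(c) + 1 == len(l) and _single_insert(c, l) is not None:
        return "deletion"
    return None

def flag_sender(address: str, legit_domains=LEGIT_DOMAINS):
    """Return (verdict, related_domain) for the domain part of an address."""
    domain = address.rsplit("@", 1)[-1].lower().strip()
    if domain in legit_domains:
        # An exact match still needs SPF/DMARC to rule out header spoofing.
        return ("legitimate", domain)
    for legit in legit_domains:
        kind = lookalike_kind(domain, legit)
        if kind:
            return ("lookalike:" + kind, legit)
    return ("unknown", domain)
```

The check only covers the single-edit tricks the report names; it does not detect a legitimate domain spoofed outright in the From header, which is what SPF and DMARC exist to catch.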
DHS has ordered agencies to implement the email authentication methods Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC), but only 17 percent of agency domains have deployed both, it said.
“Another clever tactic that we have seen in recent quarters is to end the email with a fake email history, a fabricated chain of back-and-forth replies. This fictional backstory gives the email a veneer of authenticity and spurs the victim to act,” it added.