Symantec recently reported that it has detected phishing sites hosted on government servers. In the last month, it has found phony sites hosted on government servers in Thailand, Indonesia, Hungary, Bangladesh, Argentina, Sri Lanka, Ukraine, China, Brazil, Bosnia-Herzegovina, Colombia and Malaysia. This disturbing new trend compromises the credibility of government-hosted sites and jeopardizes the security of online government transactions.
These phishing sites, run by data thieves, mimic authentic business or government sites in order to gather valuable information from users, such as credit card details or account passwords. This information is in demand in the underground market and could easily result in identity theft or account fraud.
Government servers that are involved in low-risk jobs are often the target of this sort of scam. However, even though these servers are relatively low-risk, this still poses a problem. "Under the Federal Information Security Management Act, information technology security in the federal government is based on a philosophy of risk management. It does not aim for absolute security — which is impossible anyway — but for the proper level of security. Administrators do a risk-based assessment of their IT systems, prioritizing them by their vulnerabilities, their role in the agency’s mission and the criticality of that mission." Nonetheless, the impact and dangers that these phishing sites pose to citizens should also be considered in the risk assessment process.