
Federal Contractors Open To Phishing: Study

By Ray Schultz, 4 hours ago

Few large federal contractors are fully protected against domain-based email impersonation, according to a study by Valimail.

Of the 98 companies studied, 46% have deployed DMARC (Domain-based Message Authentication, Reporting and Conformance), a higher rate than almost any other sector, Valimail reports.

But only 5% are enforcing DMARC, leaving themselves open to phishing emails, it adds.

Valimail determined that 53 contractors have no DMARC records.

Another 38 contractors have correctly configured DMARC records, but have not set an enforcement policy. Two had incorrectly configured records.

These firms are not covered by the same cyber security requirements as government agencies.

“While the DMARC adoption rate in this industry may seem low, at 46% it’s actually far higher than almost any industry Valimail has studied, with the exception of the Federal government itself,” states Alexander García-Tobar, the CEO and co-founder of Valimail.

However, he adds that, “given the low enforcement rates, it’s also clear that both agencies and the contractors that serve them have far to go before they are protected from the most pernicious and most common form of cyber attack: The impersonation attack.”

Valimail analyzed the primary domains of 98 of the 100 largest contractors for fiscal year 2017, examining their DMARC and Sender Policy Framework records from the Domain Name System.
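The breakdown above (no record, record without enforcement, misconfigured record, enforced) can be reproduced for any domain list from the TXT strings published at `_dmarc.<domain>`. The following Python sketch is an added example, not Valimail's code or methodology: the category names, the rule that enforcement means `p=quarantine` or `p=reject` at `pct=100`, and the `example` domains are assumptions, and the sample records are constructed.

```python
from collections import Counter

ENFORCING = {"quarantine", "reject"}

def parse_tags(record):
    """Split 'v=DMARC1; p=none' into {'v': 'DMARC1', 'p': 'none'}."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Classify TXT strings from _dmarc.<domain>; one v=DMARC1 record is expected."""
    candidates = [r for r in txt_records if "dmarc1" in r.lower()]
    if not candidates:
        return "no_record"
    if len(candidates) != 1:
        return "invalid"
    record = candidates[0].strip()
    first = record.split(";", 1)[0].replace(" ", "")
    tags = parse_tags(record)
    policy = tags.get("p", "").lower()
    if first != "v=DMARC1" or policy not in ENFORCING | {"none"}:
        return "invalid"
    if policy == "none":
        return "monitor_only"
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        return "invalid"
    return "enforcing" if int(pct) == 100 else "partial_enforcement"

# Constructed sample data (placeholder domains, not taken from the study).
SAMPLE = {
    "a.example": [],
    "b.example": ["v=spf1 -all"],
    "c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@c.example"],
    "d.example": ["v=DMARC1; p=reject; pct=100"],
    "e.example": ["v=DMARC1; p=quarantine; pct=25"],
    "f.example": ["p=reject; v=DMARC1"],
    "g.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
    "h.example": ["v=DMARC1; p=monitor"],
}

def tally(domains):
    """Count domains per category, mirroring a study-style breakdown."""
    return Counter(classify(records) for records in domains.values())

print(dict(tally(SAMPLE)))
```

A domain in the `monitor_only` category publishes a valid record but asks receivers to take no action on failing mail, which is the "deployed but not enforcing" state the study counts.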



