[ISN] Fake Dot-Gov Webmail Used in Phishing Scam to Hack EPA and Census Staff

http://www.nextgov.com/cybersecurity/2014/06/fake-dot-gov-webmail-used-phishing-scam-hack-epa-and-census-staff/86374/?oref=ng-HPtopstory By Aliya Sternstein Nextgov.com June 12, 2014 A Nigerian man has admitted to compromising the email accounts of federal employees to order agency office products that he then sold on the black market, according to newly filed court papers. Abiodun Adejohn and conspirators cheated government supply vendors out of almost $1 million worth of goods through the scheme. The hackers broke into the accounts through a series of impersonations targeting Environmental Protection Agency and Census Bureau staff. First, they sent the employees “phishing” emails purporting to be from government agencies that contained links to seemingly legit agency webmail login pages. But the webpages actually stole usernames and passwords the employees entered. Many federal agencies are vulnerable to this type of mimicry because of poor cyber hygiene, according to a report released Wednesday. Analysts at the Online Trust Alliance found that many federal webpages and email addresses are missing encryption and verification protections that could prevent phishing scams. […]