From Tweney Media client ValiMail, a timely post:
A Russian phishing attack used a fake Harvard email address in an attempt to get malware into American think tanks and nonprofits, the Harvard Crimson reports.
The attack shows how effective it can be for phishers to use the exact domain name of organizations that are unprotected by email authentication.
This attack also shows how difficult email authentication is for many organizations, Harvard included. Quotes in the Crimson story, and ValiMail’s domain checker, make it clear that Harvard was essentially defenseless against phishing attacks.
Worse: Phishing-led attacks account for a huge proportion of hacks, including the momentous intrusions into the Democratic National Committee. Hackers start their assault by sending phish emails to targets within the organization, and if they’re lucky enough to get someone who clicks on a link or opens a malicious attachment, they use that opening to get into the network itself.
Hey, it worked on John Podesta.