DMARC Fail: English Councils Exposing Users to Phishing

October 12th 2017
Over 100 English local councils are contravening government guidelines and exposing users to the risk of email scams by failing to implement the DMARC protocol, new research has found.

Cybersecurity firm OnDMARC appraised 152 local authorities in England and found only 16% had implemented the email authentication system. That leaves a staggering 128 non-compliant.

Compliance was even lower in the East Midlands (11%) and London (15%), while the North East fared slightly better (17%).

This is despite an order from the Cabinet Office last year requiring all services operating under the service.gov.uk domain to adopt DMARC and HTTPS/HSTS by October 1 2016.

This was followed in June this year by guidance from the National Cyber Security Centre (NCSC) which included DMARC as part of “four simple and free measures for government departments to improve basic cyber security.”

It explained the following:

“The most common way of introducing malware into victims’ systems are email spoofing and spear-phishing where emails are tailored to increase the likelihood of the recipient clicking on a malicious link. Through this attackers steal credentials, making identity fraud and theft easier. The NCSC, together with GDS, have been advocating the use of the DMARC protocol which makes email spoofing much harder.”

The NCSC claimed that by the end of March, 613 .gov domains were registered with the service, up 35% on January.

However, OnDMARC’s research proves there’s still some way to go when it comes to local government.

Phishing is an increasingly popular way for attackers to spread malware and harvest log-ins for use in information-stealing attacks.

It was present in a fifth (21%) of attacks in 2016, up from just 8% the previous year, according to the latest Verizon Data Breach Investigations Report.

OnDMARC argued that while the guidance on email security for central government is unequivocal, it’s not so clear for local government.

“It's advisable for all local authorities to implement DMARC to secure themselves against the threat of email spoofing, however we'd also call on the government to clarify its language and adopt a clear position on DMARC implementation,” the firm told Infosecurity.