Apr 25, 2018

Most federal IT contractors don't protect emails from fraud


Only one of the top 50 federal IT contractors has fully implemented an email protocol designed to prevent fraud, the Global Cyber Alliance advocacy group reports.

Why it matters: If a contractor does not use the DMARC protocol, recipients of emails claiming to be from that contractor will not automatically double-check whether those emails are authentic. That means incoming emails could impersonate the contractor and fraudulently ask a victim to transfer money for unpaid bills or log in to a phishing website.

The details: DMARC allows recipients of an email to double-check with the purported sender that it actually sent the email. If an email is faked, the purported sender can instruct the recipient to reject the email, send it to the spam folder or do nothing at all.

  • Only one firm has the reject setting turned on, according to the GCA audit.
  • One firm requests fake emails be treated as spam.
  • 26 have DMARC, but don't instruct the recipient to do anything if emails are fraudulent.
  • 21 do not have DMARC installed.
  • One has DMARC improperly configured, and makes no request.
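The five audit categories above correspond to what a domain publishes in the DNS TXT record at `_dmarc.<domain>`. The following is an added example, not code from Axios or the GCA, that sorts TXT record strings into those categories; the domain names and records are constructed, and a missing or invalid `p=` tag is treated as misconfigured for simplicity.

```python
# Added example: classify the TXT records found at _dmarc.<domain>
# into the audit's categories. Sample records are constructed.

POLICY_LABELS = {
    "reject": "reject",
    "quarantine": "treat as spam",
    "none": "no action requested",
}

def parse_dmarc(record):
    """Return a dict of DMARC tags, or None if the record is malformed."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    tags = {}
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        if not sep:
            return None  # every tag must be name=value
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name != "v" or value != "DMARC1"):
            return None  # v=DMARC1 must be the first tag
        tags[name] = value
    return tags or None

def classify(txt_records):
    """Map a domain's _dmarc TXT records to one audit category."""
    found = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not found:
        return "no DMARC"
    if len(found) > 1:
        return "misconfigured"  # receivers skip DMARC when several records exist
    tags = parse_dmarc(found[0]) or {}
    policy = tags.get("p", "").lower()
    # Simplification (assumption): missing or unknown p= counts as misconfigured.
    return POLICY_LABELS.get(policy, "misconfigured")

# Constructed sample input, one domain per audit category.
SAMPLES = {
    "reject.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@reject.example"],
    "spam.example": ["v=DMARC1; p=quarantine;"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "missing.example": ["v=spf1 -all"],
    "broken.example": ["v=DMARC1 p=reject"],  # missing semicolon
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:18} {classify(records)}")
```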

The rules: The Department of Homeland Security required agencies to begin installing DMARC last year, but the order did not extend to contractors.
