Experts discover phishing campaign leveraging .gov TLD loophole
Researchers have picked up on a new spam campaign that sends victims phishing messages from a .gov account that thwarts email validation systems.
One of the email addresses used by the attacker leverages the .gov TLD, which circumvents Sender Policy Framework (SPF) email validation, thus increasing the chances of victims actually receiving the spam, according to researchers at Trend Micro.
Two other registered domain names leveraged by the miscreant have SPF records published, which allows for organizations with an enabled SPF system to properly authenticate the message, however, “there is no SPF record to authenticate” .gov messages.Thus far, more than 430,000 phishing messages have been sent to more than 4,600 IP addresses located in more than 120 countries between March 4 and March 11. Close to 60 percent of the message senders are located in the U.S.