Email is one of the most common attack vectors used by hackers to get into government networks. The well-publicized, late 2014 attack on the US State Department is the latest notable example of purposeful attacks on email systems to obtain sensitive content and user’s Personally Identifiable Information (PII). In early 2015, it was revealed that the infiltration extended to White House and other agency email systems.
Here, hackers send targeted communications or “phish” for information they can use to perpetrate other attacks and establish a foothold in an agency. They may try to trick users into providing personal data – such as usernames and passwords, sensitive data, records, etc. – or entice them to click on a link or open a file that contains malicious code that automatically infects the endpoint.