Dutch vital infrastructure not careful enough with email server security: report
Organizations in the Netherlands' vital infrastructure, such as banks, energy companies, and governments, are not careful enough with the security of their systems and email servers. As a result, cyber attackers can easily counterfeit their emails and domain names, Zembla found in research done with the Internet Cleanup Foundation, NOS reports.
The researchers surveyed 100 organizations on the security of their emails and domain names. Only 43 had their affairs in order. Among those whose emails and domain names can easily be imitated are drinking water company PWN, telecoms provider T-Mobile, energy network operator Tennet, and Schiphol Airport.
By default, email is set up so that anyone can send mail on behalf of any email address. Administrators of mail servers have to indicate who can send mail on behalf of their domain name. If they don't, anyone can do it. This allows an attacker to impersonate the company in emails, resulting in credible-looking phishing emails. This practice is known as spoofing.
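A check an administrator can run against their own domain, as an added example that is not part of the original article: it grades the DNS TXT records through which a domain states who may send mail on its behalf. The article does not name these records; SPF and DMARC are assumed here as the standard mechanisms, and the function names and example.nl records are constructed.

```python
# Added example: grade a domain's published anti-spoofing TXT records.
# Record strings are passed in, so this runs offline (no DNS lookups).

def parse_spf(txt_records):
    """Return the SPF 'all' qualifier, 'redirect', 'invalid', or None."""
    spf = [r for r in txt_records if r.lower().split(" ", 1)[0] == "v=spf1"]
    if not spf:
        return None                      # no list of permitted senders at all
    if len(spf) > 1:
        return "invalid"                 # RFC 7208: multiple records = permerror
    terms = spf[0].lower().split()[1:]
    for term in terms:
        if term.lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"                # policy lives in another domain's record
    return "?"                           # no 'all': unlisted senders get 'neutral'

def parse_dmarc(txt_records):
    """Return the DMARC p= policy ('none', 'quarantine', 'reject') or None."""
    for r in txt_records:
        tags = [t.strip() for t in r.split(";") if t.strip()]
        if not tags or tags[0].replace(" ", "") != "v=DMARC1":
            continue                     # the version tag must come first
        for t in tags[1:]:
            key, _, val = t.partition("=")
            if key.strip().lower() == "p":
                return val.strip().lower()
    return None

def assess(domain_txt, dmarc_txt):
    """domain_txt: TXT at the domain; dmarc_txt: TXT at _dmarc.<domain>.
    Returns a list of findings; an empty list means both policies are enforced."""
    spf, dmarc = parse_spf(domain_txt), parse_dmarc(dmarc_txt)
    findings = []
    if spf is None:
        findings.append("no SPF record: permitted senders are not declared")
    elif spf == "invalid":
        findings.append("multiple SPF records: receivers treat this as an error")
    elif spf in ("+", "?"):
        findings.append("SPF does not fail unlisted senders")
    elif spf == "~":
        findings.append("SPF softfail (~all): unlisted senders are only flagged")
    if dmarc not in ("quarantine", "reject"):
        findings.append("DMARC missing or p=none: receivers are not told to act")
    return findings

if __name__ == "__main__":
    # Constructed sample records for a hypothetical domain example.nl
    print(assess(["v=spf1 mx ~all"], ["v=DMARC1; p=none"]))
```

On a live domain, the two inputs are the TXT answers for the domain itself and for the `_dmarc` label beneath it.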