Endpoint Protection

In recent months, Symantec has detected a number of phishing sitesthat have been hosted on government URLs. In June alone, phishing siteswere identified on government sites from the following countries:Thailand (.go.th), Indonesia (.go.id), Hungary (.gov.hu), Bangladesh(.gov.bd), Argentina (.gov.ar), Sri Lanka (.gov.lk), Ukraine (.gov.ua),China (.gov.cn), Brazil (.gov.br), Bosnia and Herzegovina (.gov.ba),Columbia (.gov.co), and Malaysia (.gov.my).

This might come as a surprise to some people, as governments arethought to have very secure computer systems. However, the quantity ofphishing sites hosted on government domains around the world seems tosuggest otherwise. These fraudulent sites look like legitimate Websites and are designed to trick users into divulging personalinformation such as government-issued identity numbers, bank password,or credit card numbers. Most phishing sites are placed on governmentWeb servers by hackers who have gained access to the server through abackdoor, a vulnerable Web interface, or some other means.

Hosting a phishing Web page on a government site has a number ofadvantages for a phisher. Government Web sites often receive a highvolume of traffic, so their servers can handle the extra trafficgenerated by a phishing site. This extra traffic might not be noticedimmediately, giving the phishing site a longer lifespan before it isdetected and shut down. Perhaps most importantly, hosting a phishingsite on an actual government URL gives the phishing site a sense ofauthenticity that’s hard to beat.