The Mexican government is facing a series of security issues related to emails, according to an investigation by Publimetro. Recently, it was discovered that email accounts with the 'gob.mx' domain belonging to government officials were being sold on a cybercrime forum. Some of these domains did not have full DMARC protection, allowing dangerous phishing campaigns that could compromise citizens' personal information.
In a specific example, on October 25, a user received an email from an official account of the Secretariat of the Interior with a link to download a supposed invoice, which led to a site with malware. Although the indicated domain had DMARC protection, it was not active, leaving the possibility of impersonation.
On the same day, several journalists also received suspicious emails from an official address of the Morena party, raising concerns about identity theft and possible phishing attacks. These messages appeared legitimate as they used the official domain in the addresses.
Additionally, it was reported that a journalist specialized in technology received a phishing email under a similar scheme on October 30, suggesting an active impersonation campaign affecting various sectors.
The absence of DMARC in government and political party domains like Morena allows cybercriminals to send fraudulent emails that seem genuine, creating a significant vulnerability in Mexico's cybersecurity and putting citizens' sensitive information at risk. These accounts are sold on the black market, facilitating unauthorized individuals to send messages from them, generating a lucrative business for hackers.
To combat such attacks, the importance of implementing DMARC is highlighted, a tool that helps detect and fix email authentication issues, identifying fake messages and ensuring the secure delivery of emails. Additionally, the implementation of two-factor authentication and zero-trust policies is suggested to strengthen security and prevent unauthorized access.
In summary, the implementation of DMARC in government and political domains is essential to reduce identity theft attempts and protect citizens' information.
