Over 140 thousand US federal employees exposed to phishing scams in 2020

Edward G. | March 10, 2021

Recent estimates by the Atlas VPN research team reveal that as many as 1.45 million US government employees were potentially exposed to mobile phishing scams from January 1, 2020, to December 31, 2020.

Phishing attacks designed to steal sensitive data like login credentials can be delivered through email, messaging applications, social media platforms, or even dating applications.

The estimates are based on numbers provided by Lookout, a leading mobile security platform. Lookout is used by US federal, state, and local government workers on both personal and government-issued mobile devices.

Analysis reveals that as many as 140 thousand US federal employees were exposed to phishing scams in 2020. Furthermore, over 366 thousand state employees potentially received phishing scams at least once in the period from January 1 to December 31, 2020.

Finally, given that 1 in 13 local government employees were exposed to phishing scams, the number of potentially affected individuals is more than 946 thousand.

The analysis also found that over 70% of phishing scams are geared towards stealing login credentials from government employees. 

After obtaining username and password combinations, hackers can move laterally around the organization's internal systems until they locate the data that they want to steal or tinker with. 

99% of US government employees run outdated Android OS versions

Perhaps even more shocking is the fact that a staggering 99% of US government Android users run on outdated operating systems, exposing them to hundreds of vulnerabilities. 

For example, as many as 22.8% of US government staff with Android devices still use the Android 8 operating system. This OS version is called Android Oreo and was released to the public on August 21, 2017.

Currently, this operating system has 636 known vulnerabilities. Moreover, we can expect countless new attack vectors to surface as time goes by.

As of March 10, 2021, the newest Android operating system is version 11. It was released on September 8, 2020, but only 0.08% of US government workers have updated their phones to this release. 

Android 11 has fewer than 50 known vulnerabilities, while the older Android 10 is known to have at least 266.

In contrast, iOS users do seem to be more cautious, and they update their devices more frequently, as 67.8% of workers use the latest iOS 14 version, which also has fewer than 50 known vulnerabilities.

Still, over one-third of government workers running iOS ignore update pop-ups and run iOS version 13 or older.

As a final note, we see these figures as a massive concern since government agencies store extremely sensitive data about citizens. If that data falls into the wrong hands, it could cause large-scale havoc. 

John C.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.
