When you think of spam messages, the government is not the first thing that comes to your mind, well until now. A UK-based blog, My Online Security, has reported that they have received spam emails from official email domains from the Kenyan government.
The blog claims that it received an email from an environment.go.ke email address, which is the official domain for the Ministry of Environment in Kenya – this we can confirm.
The blog goes ahead to say that at first they thought it was a spoofed government email address (the address is meant to appear as if it is from the government but it isn’t), however upon checking the IP address of the said email, they confirmed that it is indeed coming from government servers.
This is the email received by the blog:
The speculation is that there is an infected computer in the government network or someone gave out their email credentials to the spammer. My bet being on the former, seeing that it is not impossible that the government computers could still be running on Windows XP or some other older Oerating System.
Last year, a time like this, the Kenyan government embarked on a project to centralize communication in the government by using a single platform to host all government emails, regardless of the fact that such a platform would expose the government to information security risks that could lead to dire consequences.
My Online Security claims that when they checked their spam folder, they found more spam emails from domains associated with the Kenyan government, specifically from the Ministry of EAC, Labour and Social Protection (labour.go.ke).
(Click image to enlarge)
The blog reads, “.Gov domains and email addresses should always be 100% safe, secure and never used for spam, scams or malware. Unfortunately some countries are not as careful or efficient at securing them.”
At this point, I got embarrassed on behalf of the Kenyan government. Let’s hope that they deal with this issue with the seriousness it deserves.