Govt warns of cyber threats from weak email settings

Absence of authentication measures such as SPF, DKIM, and DMARC allows malicious actors to bypass detection and manipulate trusted communication channels
An undated image. — Freepik

The National Cyber Emergency Response Team (National CERT) has officially shared a critical advisory alerting public, private, and government organisations to the growing threat of cyberattacks from email misconfigurations.

The advisory highlights rising cases of phishing, business email compromise (BEC), and domain spoofing, which are being exploited worldwide and have implications for Pakistan’s national security, economy, and public trust.

Attackers are capitalising on weak email security configurations to impersonate organisations, steal credentials, distribute ransomware, and execute financial fraud, according to the advisory.

The absence of authentication measures such as SPF, DKIM, and DMARC allows malicious actors to bypass detection and manipulate trusted communication channels.

The advisory outlines specific vulnerabilities identified with technical codes, including WK-1 (no email protection protocols), WK-4 (DMARC in monitoring mode only), and WK-5 (missing subdomain protections), all of which leave domains exposed to spoofing and abuse.
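As an added illustration (not code from the advisory or from this article), the following Python sketch audits a domain's published TXT records for the three weaknesses named above. How each check maps to WK-1, WK-4 and WK-5 is an assumption based only on the short descriptions quoted here, the sample records are constructed, and DKIM is not checked because that requires knowing the sender's selector.

```python
def parse_tags(record):
    """Split a 'v=DMARC1; p=none; ...' record into a lowercase tag dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def audit(apex_txt, dmarc_txt):
    """apex_txt: TXT strings published at the domain itself.
    dmarc_txt: TXT strings published at _dmarc.<domain>.
    Returns the list of weakness codes that apply (assumed mapping)."""
    spf = [r for r in apex_txt if r.strip().lower().startswith("v=spf1")]
    dmarc = [r for r in dmarc_txt if r.strip().lower().startswith("v=dmarc1")]
    findings = []
    if not spf and not dmarc:
        findings.append("WK-1")      # no email protection records at all
    if not dmarc:
        findings.append("WK-5")      # no DMARC, so no policy covers subdomains
        return findings
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "none")   # a missing p= tag is treated as none here
    sub_policy = tags.get("sp", policy)  # sp= falls back to p= when absent
    if policy == "none":
        findings.append("WK-4")      # monitoring only, nothing is rejected
    if sub_policy == "none":
        findings.append("WK-5")      # spoofed subdomain mail is not blocked
    return findings


# Constructed sample records using reserved example domains.
SAMPLES = {
    "unprotected": ([], []),
    "monitor-only": (["v=spf1 -all"],
                     ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]),
    "subdomains-open": (["v=spf1 include:_spf.example.net -all"],
                        ["v=DMARC1; p=reject; sp=none"]),
    "enforced": (["v=spf1 -all"], ["v=DMARC1; p=quarantine"]),
}

if __name__ == "__main__":
    for name, (apex, dmarc) in SAMPLES.items():
        print(f"{name}: {audit(apex, dmarc) or 'no findings'}")
```

In practice the two record lists would come from TXT lookups for the domain and for `_dmarc.<domain>`, repeated for every domain and subdomain the organisation sends mail from.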

According to the National CERT, immediate steps are needed at the user and system administration levels. 

“Organisations are urged to enforce email security standards across all domains and subdomains, enable multi-factor authentication, conduct regular security audits, and train staff to identify phishing and spoofing attempts.”

“Email service providers are advised to implement strong domain authentication protocols and deploy advanced security tools to monitor and filter malicious content,” the National CERT stated.

The National CERT suggests incident reporting through its official portal (https://pkcert.gov.pk/report-incident.asp) and encourages collaboration for real-time threat intelligence sharing.