WASHINGTON, March 23, 2015 – Defense Department employees and their families should be vigilant in guarding personal and work information from expanding cyber-criminal activity and should know how to recognize scammer tactics, according to DoD’s chief information officer.
Terry A. Halvorsen issued a DoD-wide memorandum March 18 about the growing threat of cybercrime “phishing” and “spear phishing” in emails, on social media sites and through phone calls.
“Phishing” is defined as sending fraudulent emails that claim to be from reputable sources, such as a recipient’s bank or credit card company, to gain personal or financial information.
Recipients of such emails are often directed to fraudulent websites that mimic familiar-looking bank and e-commerce sites, according to Encyclopedia Britannica. Phishers ask recipients to “update” or “confirm” accounts, which discloses confidential information such as Social Security and credit card numbers.
“Spear phishing” is the latest twist on phishing, according to Britannica, and it targets companies and government agencies through “select employees” with fraudulent emails, which appear to come from trusted or known sources. When employees click on links in the emails, hostile programs enter the organization’s computers.
Cyber-crime tactics evolving
“Cyber criminals continue using phishing and spear-phishing attacks,” Halvorsen said in his memo, “and their tactics are evolving in an increasingly predatory manner.”
While military members and DoD civilians are routinely trained in recognizing cyber security red flags, DoD also wants its workforce’s families and parents to be prepared to deal with suspicious email, he added.
These cyber criminals also track and mine social media accounts such as Facebook, LinkedIn and others “to interact with people and compromise accounts,” Halvorsen said.
Arm Yourself with Knowledge
“Phishing continues to be successful because attackers do more research, evolve their tactics and seek out easy prey,” he said. “We need to arm ourselves and our families with defensive skills and knowledge to protect [against] being victimized by a phishing email, computer or phone scam.”
Halvorsen advises these safeguards to protect against phishing and spear phishing, which can also lead to identity theft:
- Never trust links or account/password prompts within email messages.
- Note that phishing emails sometimes have poor grammar or misspelled words.
- Do not trust information-seeking emails and phone calls, and verify such threats.
- Never provide your user identification and/or password.
- Refuse social media connection requests from anyone you haven't personally met.
- Use spam filters for personal email.
- Never email personal or financial information, even if you know the person requesting it.
- Be wary of pop-ups; don't click links or enter any data.
- Don't copy web addresses from a pop-up into a browser.
- Don't click on links, download files or open attachments.
In his memo, "Shielding the Department of Defense and Family Members from 'Phishing' and 'Spear Phishing,'" Halvorsen includes a list of resources, given below, to help people gain defensive knowledge.
Halvorsen’s memo encourages service members and families to share the resources with friends and communities.
Special Report: The Cyber Domain - http://www.defense.gov/home/features/2013/0713_cyberdomain/