[ISN] Officials Warn of 'Phishing' Scams Targeting Troops

From: InfoSec News <alerts_at_private>
Date: Wed, 12 May 2010 00:39:48 -0500 (CDT)
http://www.defense.gov/news/newsarticle.aspx?id=59099

By Lisa Daniel
American Forces Press Service
May 10, 2010

WASHINGTON, May 10, 2010 - U.S. Strategic Command officials are urging 
renewed vigilance against Internet-based identity theft after detecting 
a widespread 'phishing' expedition against servicemembers.

Phishing is a term used to describe deceiving people into divulging 
personal information such as passwords or account numbers over the 
Internet.

Beginning as early as May 2009 and lasting as late as March 2010, 
numerous fraudulent e-mails were sent to financial customers of USAA and 
Navy Federal Credit Union, Stratcom officials said in a recent news 
release.

The e-mails, which appear to originate from USAA and the credit union, 
ask the recipient to provide or verify personal information such as name 
and rank, account numbers, date of birth, mother's maiden name, address 
and phone numbers, online account user name and password, credit card 
numbers, personal identification numbers for automated tellers, and 
Social Security numbers.

"While these e-mails may appear to be legitimate, it.s important to 
remember USAA and Navy Federal Credit Union will never ask for [personal 
identification] or to verify financial institution data via e-mail," the 
Stratcom release says.

Although the e-mails have official-looking logos, headers and signature 
blocks, "these are all common cyber espionage 'spear-phishing' tactics 
used to trick recipients," it says.

USAA posted a notice on its website May 4 warning of the phishing 
attempt.

Phishing scams can reach servicemembers not only through personal e-mail 
accounts, but also through their official e-mail. Air Force Gen. Kevin 
P. Chilton, Stratcom commander, told the House Armed Services Committee 
in March that every commander needs to focus on keeping networks secure.

"It should be the focus of every commander in the field, the health and 
status of their networks, just as they're focused on the health and 
status of their people, their tanks, their airplanes, their ships, 
because the networks are so critical," he said. "So, changing their 
conduct, training them and then holding people accountable for their 
behavior on the network is important."

The Defense Department is home to some 7 million computers and more than 
15,000 local and regional area networks, Stratcom officials said. The 
networks are scanned millions of times per day and probed thousands of 
times per day, with a frequency and sophistication that is increasing 
exponentially, they said.

The intrusions come from a variety of sources with different intentions, 
from individual hackers intent on theft and vandalism, to espionage by 
foreign governments and adversaries, they said.

"This is, indeed, our big challenge in U.S. Strategic Command as we 
think about how we're going to defend and secure the networks," they 
said.

Stratcom officials offered these suggestions to keep your personal 
information safe:

-- Always protect your personal identification and be cautious whom you 
   provide it to, especially by phone or Internet;

-- Be suspicious of any unsolicited e-mail, pop-up, website or phone 
   call in which you are asked to provide personal information;

-- Cross-reference information with the official sites, looking for the 
   'https' secure connection.

-- Do not click on any link provided in a suspicious e-mail, and take 
   caution in opening e-mail attachments or downloading files, 
   regardless of who sends them;

-- Keep your personal computer.s anti-virus, anti-spyware, firewall and 
   other security software running and up to date;

-- Regularly review your bank statements for suspicious activity.
 

_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/ 
Received on Tue May 11 2010 - 22:39:48 PDT

This archive was generated by hypermail 2.2.0 : Tue May 11 2010 - 22:45:49 PDT