Defense Department employees and their families should be vigilant when guarding personal and work information from expanding cyber-criminal activity, and to know how to recognize scammer tactics, according to DoD’s chief information officer.
Terry A. Halvorsen issued a DoD-wide memorandum March 18 about the growing threat of cybercrime “phishing” and “spear phishing” in emails, on social media sites and through phone calls.
“Phishing” is defined as sending fraudulent emails that claim to be from reputable sources, such as a recipient’s bank or credit card company, to gain personal or financial information.
Recipients of such emails are often directed to fraudulent websites that mimic familiar sites. Phishers ask recipients to “update” or “confirm” accounts, which discloses confidential information such as Social Security and credit card numbers.
“Spear phishing” is the latest twist on phishing. It targets companies and government agencies through “select employees” with fraudulent emails, which appear to come from trusted or known sources. When employees click on links in the emails, hostile programs enter the organization’s computers.
Cyber-crime tactics evolving
While military members and DoD civilians are routinely trained in recognizing cyber security red flags, DoD also wants its workforce’s families and parents to be prepared to deal with suspicious email, he added.
These cyber criminals also track and mine social media accounts such as Facebook, LinkedIn and others “to interact with people and compromise accounts,” Halvorsen said.
Arm Yourself with Knowledge
“Phishing continues to be successful because attackers do more research, evolve their tactics and seek out easy prey,” he said. “We need to arm ourselves and our families with defensive skills and knowledge to protect [against] being victimized by a phishing email, computer or phone scam.”
Halvorsen advises these safeguards to protect against phishing and spear phishing, which can also lead to identity theft:
- Never trust links or account/password prompts within email messages.
- Note that phishing emails sometimes have poor grammar or misspelled words.
- Do not trust information-seeking emails and phone calls, and verify such threats.
- Never provide your user identification and/or password.
- Refuse social media connection requests from anyone you haven’t personally met.
- Use spam filters for personal email.
- Never email personal or financial information, even if you know the person requesting it.
- Be wary of pop-ups; don’t click links or enter any data.
- Don’t copy web addresses from a pop-up into a browser.
- Don’t click on links, download files or open attachments.
Halvorsen encourages service members and families to share the resources with friends and communities.
Disclaimer: The appearance of hyperlinks does not constitute endorsement by the Department of Defense. For other than authorized activities, such as, military exchanges and Morale, Welfare and Recreation sites, the Department of Defense does not exercise any editorial control over the information you may find at these locations. Such links are provided consistent with the stated purpose of this DoD website.