USA — Officials Warn of ‘Phishing’ Scams Targeting Troops

WASHINGTON — U.S. Strategic Command officials are urging renewed vigilance against Internet-based identity theft after detecting a widespread “phishing” expedition against servicemembers.

Phishing is a term used to describe deceiving people into divulging personal information such as passwords or account numbers over the Internet.

Beginning as early as May 2009 and lasting as late as March 2010, numerous fraudulent e-mails were sent to financial customers of USAA and Navy Federal Credit Union, Stratcom officials said in a recent news release.

The e-mails, which appear to originate from USAA and the credit union, ask the recipient to provide or verify personal information such as name and rank, account numbers, date of birth, mother’s maiden name, address and phone numbers, online account user name and password, credit card numbers, personal identification numbers for automated tellers, and Social Security numbers.

“While these e-mails may appear to be legitimate, it’s important to remember USAA and Navy Federal Credit Union will never ask for [personal identification] or to verify financial institution data via e-mail,” the Stratcom release says.

Although the e-mails have official-looking logos, headers and signature blocks, “these are all common cyber espionage ‘spear-phishing’ tactics used to trick recipients,” it says. USAA posted a notice on its website May 4 warning of the phishing attempt.

Phishing scams can reach servicemembers not only through personal e-mail accounts, but also through their official e-mail. Air Force Gen. Kevin P. Chilton, Stratcom commander, told the House Armed Services Committee in March that every commander needs to focus on keeping networks secure.

“It should be the focus of every commander in the field, the health and status of their networks, just as they’re focused on the health and status of their people, their tanks, their airplanes, their ships, because the networks are so critical,” he said. “So, changing their conduct, training them and then holding people accountable for their behavior on the network is important.”

The Defense Department is home to some 7 million computers and more than 15,000 local and regional area networks, Stratcom officials said. The networks are scanned millions of times per day and probed thousands of times per day, with a frequency and sophistication that is increasing exponentially, they said. The intrusions come from a variety of sources with different intentions, from individual hackers intent on theft and vandalism, to espionage by foreign governments and adversaries, they said.

“This is, indeed, our big challenge in U.S. Strategic Command as we think about how we’re going to defend and secure the networks,” they said.

Stratcom officials offered these suggestions to keep your personal information safe:
— Always protect your personal identification and be cautious about whom you provide it to, especially by phone or Internet;
— Be suspicious of any unsolicited e-mail, pop-up, website or phone call in which you are asked to provide personal information;
— Cross-reference information with the official sites, looking for the “https” secure connection;
— Do not click on any link provided in a suspicious e-mail, and take caution in opening e-mail attachments or downloading files, regardless of who sends them;
— Keep your personal computer’s anti-virus, anti-spyware, firewall and other security software running and up to date;
— Regularly review your bank statements for suspicious activity.

U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)