Phishing scams target military, families, veterans

By Margaret McBride, Army CIO/G-6December 23, 2011

The Firewall
(Photo Credit: U.S. Army) VIEW ORIGINAL

WASHINGTON (Dec. 23, 2011) -- Anyone who gets caught by phishing scams loses money, time and security. Phishing is usually an unsolicited email that prompts an action, such as divulging secure information, downloading potentially dangerous files, or sending money to an unknown source.

A recent aggressive phishing attack is making the rounds in an email to USAA members, which appears be from USAA, a financial services company that serves service members, their families, and veterans. The email subject begins with "Deposit Posted."

Members are asked to open a Zeus-infected attached file. Once opened, it launches a malicious virus which if launched could provide access to personal information and may require a complete reinstall of the computer operating system. Most USAA members are affiliated with the military.

Other attacks have been directed at U.S. military installations and defense facilities. Official looking emails appear to come from a senior officer or other authority figure not known to the recipient, instructing the recipient to download and install software. This is often portrayed as a critical security measure that must be immediately deployed.

What actually happens is that the software is either a Trojan Horse that will destroy systems and networks, or data mining software that will now be past firewall defenses.

Phishers prey on greed, fear, and especially for military targets, obedience to authority. They have become increasingly sophisticated, and create official looking emails and design sites for gathering data.

Be wary of any unsolicited email that requests secure information or instructs you to download software. It is extremely rare for any financial institution including PayPal and Ebay to ask for such information. Check official websites for information on how to recognize fraudulent emails and sites--including military websites. Always get confirmation from a trusted source before downloading and installing software. If something doesn't seem quite right, it probably isn't.

For more information, visit any of these sites:

http://www.antiphishing.org/consumer_recs.html

http://www.ic3.gov/default.aspx

http://wombatsecurity.com/antiphishingphil

Related Links:

U.S. Army Chief Information Officer / G-6

Wombat Security Technologies

Antiphishing.org: How to Avoid Phishing Scams

Army stresses caution, education to combat social media scammers

Army.mil: Inside the Army News

Internet Crime Complaint Center

U.S. Army Social Media Handbook

VIDEO: The Twelve Days of Cybermas presented by "On Cyber Patrol"