By Justin Creech, Belvoir Eagle, April 19, 2013
Servicemembers and Department of Defense civilians need to be mindful of the emails they receive in their personal email accounts.
A number of users accessing personal webmail accounts from their DoD systems recently exposed a spear-phishing campaign targeting DoD users' personal webmail accounts. A total of 15 different subject lines and four different domains appeared in the spear-phishing campaign.
"The emails are being sent out in an attempt to obtain information for identity theft," said Dennis Joyner, director of the U.S. Army Signal Network Enterprise Center. "Internet phishers do this by accessing your email and private accounts."
Emails from the following domains should be treated with caution: www.mindstyle.com, info.mindstyle.com, www.aafbonus.com, and www.johnmcgann.com.
Subject lines used in the campaign include "Your Password Reset Request," "Re-update your account," "Amazon Invoice Notification in March," "Notice: You need to pay your remaining balance," "Update your credit card information with PayPal," and "Your Yahoo! account information has changed."
"Hackers will use a subject line that makes email look like it's from someone you know," said Joyner.
According to an analysis by the U.S. Army 93rd Signal Brigade, when one of these emails is viewed, the embedded code causes the system to send a request to the malicious domain, which appears to respond with a fake Yahoo webpage asking the user to re-enter his or her password for verification. This webpage is designed to look identical to the page Yahoo presents when a user's mail session expires.
"If there's a number in the email address it is most likely a scam," said Joyner. "People should look at the top right of the screen for the Secure Socket Signal."
If the user does not realize the email is malicious and attempts to re-authenticate with what appears to be the webmail provider, the user's credentials for the personal webmail account will most likely be forwarded to the malicious operators. Once the webmail account is compromised, the adversary could use that access to gather log-on credentials for secure military sites.
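The mechanism described above (a sender domain, a lure subject line, and HTML that makes the mail client fetch content from the attacker's domain) is what a mail filter can match on. The following is an added example, not code from the article or the 93rd Signal Brigade: it parses a message with Python's standard email library and reports which of the campaign's published indicators it matches. It assumes the two "mindstyle.com" hosts can be collapsed to their parent domain, and the sample message is constructed for illustration, not a captured email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators reported in the article: campaign domains (collapsed to the parent) and the quoted subject lines.
CAMPAIGN_DOMAINS = {"mindstyle.com", "aafbonus.com", "johnmcgann.com"}
CAMPAIGN_SUBJECTS = {
    "your password reset request", "re-update your account",
    "amazon invoice notification in march",
    "notice: you need to pay your remaining balance",
    "update your credit card information with paypal",
    "your yahoo! account information has changed",
}
# href= / src= attributes: the "embedded code" that makes the client fetch from the attacker's domain when viewed.
URL_RE = re.compile(r"""(?:href|src)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def registered_domain(host):
    # Collapse www./info. style subdomains to the parent (assumption: a two-label parent domain).
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def assess_message(raw):
    """Return the list of campaign indicators that match a raw RFC 822 message."""
    msg = message_from_string(raw)
    reasons = []
    _, sender = parseaddr(msg.get("From", ""))
    if "@" in sender and registered_domain(sender.rsplit("@", 1)[1]) in CAMPAIGN_DOMAINS:
        reasons.append("sender domain " + sender.rsplit("@", 1)[1])
    subject = " ".join(msg.get("Subject", "").split()).lower()
    if subject in CAMPAIGN_SUBJECTS:
        reasons.append("known subject line: " + subject)
    for part in msg.walk():  # covers single-part and multipart/alternative mail alike
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname or ""
            if registered_domain(host) in CAMPAIGN_DOMAINS:
                reasons.append("embedded resource loads from " + host)
    return reasons

# Constructed sample modelled on the article's description (not a real captured email).
SAMPLE = """From: "Yahoo! Mail" <alerts@info.mindstyle.com>
Subject: Your Yahoo! account information has changed
Content-Type: text/html; charset="utf-8"

<p>Your session has expired. <a href="http://www.aafbonus.com/login">Sign in</a></p>
<img src="http://www.mindstyle.com/beacon.gif" width="1" height="1">
"""
```

Run `assess_message(SAMPLE)` to see all four indicators fire on the sample; a plain-text message from an unrelated domain returns an empty list.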
DoD users should not access personal email from government systems to prevent adversaries from accessing the military network or government credentials. In all cases, be wary of any unexpected emails and do not open them. Do not use the reading pane -- it opens the email and activates any malicious code, according to the 93rd Signal Brigade's report.
According to Joyner, servicemembers and DoD civilians need to be extra aware of identity theft attempts, because any trouble can result in a loss of their security clearance.
"If a servicemember or DoD civilian is a victim of identity theft and has his or her credit card racked up, it could cause them to have trouble with their security clearance," said Joyner.
Having strong anti-virus systems such as McAfee or Symantec and updated firewalls lessens the odds of a person's computer being hacked, said Joyner.
Joyner also said government employees need to leave their work CPUs powered at all times.
"They need to leave the CPU powered so NEC can update security software," said Joyner. "We do it overnight or on the weekends, so if the CPU is turned off, that person won't receive the security update."