
With current world circumstances and a heightened Army Cyber Protection Condition Level (CPCON), our workforce is now more than ever susceptible to social engineering attacks by our adversaries. A common attack vector for targeting DoD personnel is phishing. Please read and digest the information below to keep your organization safe and mission ready.

Definition of phishing: The fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate website.

If the victim 'takes the bait,' the criminal will use malicious links, attachments or simple instructions to obtain sensitive information such as: usernames, passwords, social security numbers, credit card numbers and PII/PHI.

Detecting and preventing a phishing scam

Although cybercriminals will go to great lengths to make a message look authentic and official, many phishing emails share qualities that can be detected. If you receive a message with any of the following red flags, do not follow its instructions, click its links, or download its attachments. Instead, contact your IASO, Cyber Security POC, or G-6 Staff to inquire about the message's authenticity.

Phishing scams rely on deception, so being aware of common scam features can make all the difference in preventing yourself from being victimized. Avoid phishing by paying attention to the following:

  • Spelling & grammatical errors:
  • Slight variations in the email address that attempt to look authentic but don't quite hit the mark are common.
  • If you receive an email from an unknown sender that comes with an attachment you weren't expecting, don't click or download it.
  • The message is extremely time-sensitive: If you've received a message out of the blue that offers a deal, but only if you act now, it's probably a scam.
  • The offer is too good to be true: The age-old saying applies as much here as anywhere else. Emails claiming that you've won just about anything, or that you're being refunded for a purchase you never made, are bad news. Report these!