Officials warn of 'phishing' scams

11 May 2010 | Lisa Daniel

U.S. Strategic Command officials are urging renewed vigilance against Internet-based identity theft after detecting a widespread "phishing" expedition against servicemembers.

Phishing is a term used to describe deceiving people into divulging personal information such as passwords or account numbers over the Internet.

Beginning as early as May 2009 and lasting as late as March 2010, numerous fraudulent e-mails were sent to financial customers of USAA and Navy Federal Credit Union, STRATCOM officials said in a recent news release.

The e-mails, which appear to originate from USAA and the credit union, ask recipients to provide or verify personal information such as name and rank, account numbers, date of birth, mother's maiden name, address and phone numbers, online account user name and password, credit card numbers, personal identification numbers for automated tellers and Social Security numbers.

"While these e-mails may appear to be legitimate, it's important to remember USAA and Navy Federal Credit Union will never ask for (personal identification) or to verify financial institution data via e-mail," the release says.

Although the e-mails have official-looking logos, headers and signature blocks, "these are all common cyber espionage 'spear-phishing' tactics used to trick recipients," it says.

USAA posted a notice on its website May 4 warning of the phishing attempt.

Phishing scams can reach servicemembers not only through personal e-mail accounts, but also through their official e-mail. Gen. Kevin P. Chilton, STRATCOM commander, told House Armed Services Committee members in March that every commander needs to focus on keeping networks secure.

"It should be the focus of every commander in the field, the health and status of their networks, just as they're focused on the health and status of their people, their tanks, their airplanes, their ships, because the networks are so critical," he said. "So, changing their conduct, training them and then holding people accountable for their behavior on the network is important."

The Defense Department is home to some 7 million computers and more than 15,000 local and regional area networks, STRATCOM officials said. The networks are scanned millions of times per day and probed thousands of times per day, with a frequency and sophistication that is increasing exponentially, they said.

The intrusions come from a variety of sources with different intentions, from individual hackers intent on theft and vandalism, to espionage by foreign governments and adversaries, they said.

"This is, indeed, our big challenge in U.S. Strategic Command as we think about how we're going to defend and secure the networks," they said.

STRATCOM officials offered these suggestions to keep your personal information safe:

-- Always protect your personal identification and be cautious about whom you provide it to, especially by phone or Internet;

-- Be suspicious of any unsolicited e-mail, pop-up, website or phone call in which you are asked to provide personal information;

-- Cross-reference information with the official sites, looking for the "https" secure connection;

-- Do not click on any link provided in a suspicious e-mail, and take caution in opening e-mail attachments or downloading files, regardless of who sends them;

-- Keep your personal computer's anti-virus, anti-spyware, firewall and other security software running and up to date;

-- Regularly review your bank statements for suspicious activity.