Many people become victims of email phishing scams that cause them to release personal confidential data. But, how much is our national defense at risk? One recent exercise led 30% of people with a military address tested to fall victim to a clever scam.
More than 3,000 soldiers, civilians and family members with military email addresses provided personal information in a phishing scam that was sent to 10,000 email addresses on March 30th. The well-designed phishing email promised free tickets to area theme parks, with a link to a Web site that appeared to belong to the Family and Morale, Welfare and Recreation Command and used FMWR Web graphics and logo, according to the U.S. Army.
But, the link did not really belong to the FMWR.
Fortunately, no personal information was transmitted. These "phishing" emails developed by the Army Computer Emergency Response Team (ACERT) in a Global Computer Network Defense exercise, Bulwark Defender 08, to test the defensive posture of the Army LandWarNet.
"This exercise illustrates how hackers can turn the popularity of a trusted resource such as the MWR Web site against unwitting personnel by using real information and activities openly available on the Internet," stated a second email from ACERT. "As you know, phishing emails are a common method used by Hackers to infiltrate Army networks and systems. Your ability to identify and respond to phishing attempts is paramount to the defense of critical information systems that make up the Army LandWarNet. Soon, you will receive another email from the ACERT that will provide education on how to identify 'phishing' attempts as illegitimate."
FMWRC officials were not alerted to the exercise in advance because the unit "limits the number of trusted agents" in phishing exercises of this type, according to ACERT officials.
"From the outside, looking in, the customer has no way of knowing FMWRC was not involved in this exercise," said Ms. Laurie Pugh, Public Affairs Officer for FMWRC. "We have no idea how many of our customers this exercise has alienated ... The Family and MWR Command has spent decades and millions of dollars establishing our brand as one that can be recognized and trusted by Soldiers and Families ... We have yet to determine how much of that trust has been undermined by this exercise."
Subscribe by Email
