NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0470 US Army Conducts "Phishing" Expedition:
The US Army's Computer Emergency Response Team (ACERT) recently sent emails
promising free tickets to area theme parks that linked to a web site posing as
the site for the Family and Morale, Welfare and Recreation Command (FMWRC) - a
legitimate military family support organization - to test susceptibility to
phishing. However, use of the site was reportedly NOT coordinated with FMWRC.
When FMWRC became aware of the phishing attempt, they immediately distributed a
press releas to media outlets worldwide to warn customers tat the offer was
fraudulent. "The Family and MWR Command has spent decades and millions of
dollars establishing our brand as one that can be recognized and trusted by
Soldiers and Families," said FMWARC spokewoman Laurie Pugh. "We have
yet to determin how much of that trust has been undermined by this
exercise." ACERT eventually sent an email to the original 10,000
recipients of the phishing email describing the exercise and stating that
"for those individuals responding to the ACERT Phishing attempts regardless
of what you submitted, no personal data was collected or transmitted." The
article notes that this exercise illustrates how hackers can turn the popularity
of a trusted resource such as the FMWRC web site against unwitting personnel by
using real information and activities openly available on the internet.
(ohmygov.com/blogs 02APR08)