Phishing
1. Navy IO Center of Excellence
Phishing Awareness
Naval OPSEC Support Team (NOST)
Navy Information Operations Command (NIOC) Norfolk
(757) 417-7100 DSN 537
OPSEC@navy.mil
www.nioc-norfolk.navy.mil
http://www.facebook.com/NavalOPSEC
UNCLASSIFIED//FOUO
Updated: 27 Mar 2013
2. Phishing
Phishing is an illegal activity using social engineering techniques to
fraudulently solicit sensitive information or install malicious software.
Phishing attempts solicit sensitive information such as usernames,
passwords, personal information, military operations details, financial
information and so on.
Phishing emails can also include malicious links or attachments.
Common phishing techniques:
- Phishing
- Spear phishing
- Whaling
- Vishing
- Smishing
3. What is phishing?
Phishing: An email scam intended to lure a user into providing sensitive information.
• Yahoo link URL spoofing
  • A fake or forged URL which impersonates a legitimate website.
• Requests credit card information
• Threatens service interruption
4. What is spear phishing?
Spear phishing: A targeted scam directed at a specific person or department.
• Addresses the target/recipient by name or other personal detail
  • Attacker generally references specific personal information about the target.
• Emails appear legitimate
  • References factually correct details, operational terms, etc.
• Links or attachments malicious in nature.
  • Viruses, malware, URL spoofing
[Image callout: Malicious URL]
5. What is whaling?
Whaling: A phishing scam directed specifically at high ranking officers or other high profile targets within the government, military or business.
• Addresses the high profile target by name or other personal detail
  • Attacker knows specific personal information about the target.
• Emails appear legitimate
  • Include specific, accurate details, such as names and operational details, to stress legitimacy.
• Links or attachments malicious in nature.
  • Viruses, malware, URL spoofing
[Image callout: Download includes a keystroke logger virus]
6. What is vishing?
Vishing: A phone scam intended to lure a user into providing sensitive personal information.
• Typically solicit personal information through scare tactics
  • Warn of credit card fraud, instruct target to provide account details to prove identity
• Callers often imitate legitimate call centers
• Target specific, critical details
  • Financial information, operational dates, locations, etc.
7. What is smishing?
Smishing: A phishing scam that sends bogus text messages to mobile phones.
• Direct a target to call a number or link to a website.
  • Personal, sensitive information is requested
  • Malicious websites install malware on mobile devices, collect sensitive information
• Callers often imitate legitimate call centers
• Target specific, critical details
  • Financial information, operational dates, locations, etc.
8. What is sextortion?
Sextortion: Sexual exploitation as a means of blackmail or extortion.
• Sexually explicit content obtained through enticement or theft is leveraged against a person.
  • Money
  • Sex
  • Information
• Extortionists commonly find targets on:
  • Social networking sites
  • Mobile applications (e.g. Instagram)
  • Private chat messages & chat rooms
  • Web cams
9. Identifying a phishing scam
Phishing scams tend to have common characteristics which make them easy to identify.
• Spelling and punctuation errors.
• Include a redirect to malicious URLs which require you to input usernames and passwords to access.
• Scare tactics to entice a target to provide personal information or follow links.
• Sensational subject lines to entice targets to click on attached links or provide personal information.
• Try to appear genuine by using legitimate operational terms, key words and accurate personal information.
• Fake or unknown sender.
10. How to avoid a phishing scam
Protect yourself from phishing scams:
• Do not register official government/.mil email accounts with any commercial websites.
• Patch/update web browsers as needed.
• Beware the unknown sender or sensational subject line.
• You will never get a free iPad; don’t fill anything out.
• When in doubt, call your financial institutions to verify if your account has been compromised.
• Do not follow links included in emails or text messages; use a known good link instead.
• Digitally sign and encrypt emails wherever possible.
• Only follow links or download attachments from digitally signed emails.
• Do not follow links to unsubscribe from spam; simply mark as spam and delete.
• Do not make security challenge answers for account validation easy-to-guess or easy-to-learn details.
12. Questions?
Naval OPSEC Support Team (NOST)
Navy Information Operations Command (NIOC) Norfolk
(757) 417-7100 DSN 537
OPSEC@navy.mil
www.nioc-norfolk.navy.mil
http://www.facebook.com/NavalOPSEC