Cyber warriors test phishing response
By Jennifer Thibault, 50th Space Wing Public Affairs / Published March 07, 2011
SCHRIEVER AIR FORCE BASE, Colo. -- As part of the Air Force's mission to ward off attacks in cyberspace, the 50th Space Communications Squadron went phishing on base last month.
"Phishing is when someone sends messages to a large group of people in an effort to deceive people into revealing their personal information, such as social security numbers, credit card numbers or bank information," said 2nd Lt. James Vanderwende, 50th Space Wing Information Assurance officer in charge.
In most situations, phishing attempts are made online via email, but phishing attacks using the telephone have also been successful, he added.
In the Schriever exercise, a phisher sent hundreds of randomly selected base members an email asking them to provide their common access card PIN numbers as part of a new security requirement. Unfortunately, many fell for the bait -- hook, line and sinker.
In most cases, phishing attempts are successful because the "bait" is so believable.
"Generally, phishers are successful because they have a good story," said Lieutenant Vanderwende. "They typically use current events and people's ignorance to attain their goal."
For this exercise, on-base phishers generated fake email accounts to lure members into providing personal information.
"Phishers will ask for any kind of personal information, SSN or date of birth. And they will use any type of story to try and trick you into submitting personal information," said Staff Sgt. Trenton Morgan, lead phisher for the exercise.
This is not the first time 50 SCS has gone phishing here.
"I sent out two other phishing emails before, where I asked for SSN and date of birth as a fake tax prep company on base," Sergeant Morgan said. "In that exercise, we asked for the information in exchange for free lift tickets and 50 percent off discounts."
This exercise demonstrated the same tactics that adversarial phishers use.
"You should always be aware of who you're responding to. Do your research and know exactly who you're sending your information to," cautioned Sergeant Morgan. "And never send out your CAC pin; you should always safeguard it."
The majority of those who received the phishing email applied their net defender skills. They did not provide the requested information and called the help desk.
"If members think they have received a phishing email, they need to call the help desk. Don't delete the message, just call the help desk. The same is true if they receive a phishing phone call, call the help desk and provide the number that called them if possible," said the lieutenant.
During each of the recent phishing exercises some base members did divulge their personal information. Luckily for them, the information went to a well-intentioned Airman who will now help them better respond if they are ever targeted by actual phishers.
"We are working with the unit information assurance appointees to have those who provided their information complete a phishing [computer based training] and reset their CAC pin since it has been compromised," said Sergeant Morgan.
Increased cyber vigilance is the key to thwarting future phishing excursions.
"When we know there is a phishing attempt we send out a base wide message warning people about it. The problem is by the time we find out many people have already given up their personal information," said Lieutenant Vanderwende. "That's why people need to confirm the legitimacy of the message before giving any pertinent information."
To learn more about phishing, review the phishing CBT at http://iase.disa.mil/eta/phishing/Phishing/launchPage.htm.