Beware of spear phishing, protect computer security

  • By Senior Airman Samuel Morse
  • 35th Fighter Wing Public Affairs
Information warfare has been around since long before the computer. Even in the days of homing pigeons, adversaries would attempt to intercept each other's messages to gain an advantage. Today, the enemy is still trying to steal our secrets, but they have devised new methods in this age of ones and zeros. One of these methods is known as spear phishing.

To understand spear phishing, one must first understand what phishing is. According to the Joint Task Force-Global Network Operations, phishing is defined as "criminal activity using social engineering techniques." Phishers attempt to fraudulently acquire sensitive information, such as passwords, personal information, military operations and credit card/financial details by masquerading as a trustworthy person or business in an electronic communication (e-mail).

Spear phishing, on the other hand, is a highly targeted phishing attempt. The JTF-GNO also states that a phisher will often use the victim's name, organization, and even relevant jargon to further convince them the e-mail is legitimate. They will even spoof who the e-mail is from, making it look like it came from a coworker or friend. There may sometimes be spelling mistakes due to third country national origin, but for all intents and purposes, the e-mail will look real.

While normal phishing is almost always for the purpose of identity theft, spear phishing on government systems is usually an attempt to gather information and intelligence. According to Tech. Sgt. Thomas Parker of the 35th Communications Squadron, spear phishers will usually attempt to make you open an attachment or web link that will load malicious logic onto your computer, often in the form of a key logger (a program that records keys typed on a keyboard to be sent to the phisher).

The next question would be, how do we protect ourselves? Sergeant Parker said the best way right now is to make sure e-mails are digitally signed. To his knowledge, phishers have yet to find a way to spoof a digital signature from a trusted site. He encourages all network users to digitally sign and encrypt their e-mails. If someone is unsure of how to do this, they can contact their local Client Support Administrator.

Another protective measure is to look for tell-tale signs of a fake e-mail. Lack of proper For Official Use Only tags, misspellings, incorrect signature blocks and other items out of place or missing can indicate a foreign origin.

Users are also encouraged to double-check Web site addresses. Links should start with https:// rather than http://. This denotes a secure connection. Also, the suffix .mil should be present in the domain name of official military Web sites. Unfortunately, even if a Web address has these elements, it can have an embedded link that takes you somewhere other than what it says. To combat this, Sergeant Parker suggests opening an empty browser and navigating to the Web page manually. While this may take longer, it will help prevent the user from falling victim to malicious logic.

For attachments, if you must open them, do not enable macros. Government systems are designed to give warnings when a PowerPoint document or other seemingly benign file attempts to do something other than what it was designed to do.

"Blindly clicking 'yes' to these alerts is the type of complacency that phishers are looking for," said Airman 1st Class Benjamin Nelson, 35th Fighter Wing CSA.

Also, disabling Microsoft Outlook's preview pane, or at the very least disabling HTML on the preview pane, will give a degree of separation, allowing users to verify a sender before opening an e-mail with attachments.

"If you do get an e-mail that you deem to be suspicious, call the sender to verify that the e-mail did, in fact, come from them. If not, or if the e-mail came from an organization outside the military, contact your CSA or Information Systems Security Officer so they can investigate the e-mail," said Sergeant Parker. "If you have already opened the suspicious e-mail, Web link, or attachment, immediately unplug your computer from the network and contact your CSA or ISSO."

Phishing and spear phishing are an increasing threat to the security of government systems and personnel. Sergeant Parker said that a significant percentage of targeted individuals fall victim to this type of attack each year. There is only so much CSAs and ISSOs can do to prevent these kinds of attacks. It's up to every system user to exercise the constant vigilance needed to maintain computer security.