FORT BELVOIR, Va., Aug. 20, 2020 —
The COVID-19 pandemic turned the work environment upside down with thousands of Defense Logistics Agency employees switching to fulltime telework with little to no notice. The agency’s cybersecurity experts intensified efforts to thwart hackers directly attacking DLA’s information technology networks through phishing and other tactics, and they're asking for employees' help.
Hackers play into employees’ innate desire to remain security-minded, sending alerts with unexpected warnings to cause alarm. They attempt to spur interest in manufactured problems such as a routine administrative or human resource issue. They could also focus on current events to prey on employees’ heightened stress, fear, distraction and curiosity.
Phishing is one of the most common forms of social engineering tactics and uses malicious emails or websites to trick individuals into providing personal or corporate information. Originating email addresses or malicious websites look similar to real addresses.
“Phishing is the No. 1 threat to the Department of Defense and to DLA. By providing our end-users with an email Spam Alert button, DLA has enabled our employees and contractors to act as an additional attack warning sensor,” said Paul Resh, chief of the DLA Computer Emergency Response Team.
DLA employees and contractors are the agency’s first line of defense in protecting networks, systems and data, he added.
The CERT monitors cybercriminals’ tactics and trends and helps refine employees’ ability to identify phishing attempts by sending monthly phishing emails to random employees. When the DLA Phishing Exercise Program began in 2014, about 16% of DLA users failed the exercises. The failure rate steadily declined to 5.5% in late 2018 after the CERT initiated an education campaign about what to look for in phishing attacks. The trend reversed in 2019 and has climbed to a current average of almost 10%.
Phishing indicators to look for include:
• Emails that appear to come from inside DOD but have the subject line tagged with “Non-DOD Source;”
• Inconsistencies in the sender’s domain information such as a .com address listed as .net or .co without the “m.” Other common domains include .org, .info, .net and .edu;
• References or links in the email that don’t match the sender’s domain;
• Unsolicited events of which you have no prior knowledge;
• Email requiring action on systems or applications you don’t have access to;
• Odd-looking URLs that are revealed when you hover over the link in the email; and
• Simple indicators like misspellings or outlandish rewards or riches.
Employees who spot such indicators in emails should refer the email to the DLA CERT by clicking on the DLA Spam Alert button in the upper right corner of the main Outlook email ribbon and explain why the email is suspicious. Employees can also open a new email, attach the suspicious message and forward the email to email@example.com.