Don’t get hooked by Phishing scams

Office of CIO Communications

Phishing is a variation on “fishing” – the idea is that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted to bite. Plenty of Internet scammers have baited their lines to lure anyone who can be enticed into divulging personal information, such as credit card numbers, bank account information, Social Security numbers, passwords, or other sensitive information.

Phishers typically send bulk email to as many end users as possible, directing them to a web site that masquerades as the authentic site the end user is trying to reach. The phisher’s intent is to lure victims into submitting their credentials to this fake but apparently legitimate-looking “official” web interface.

Last month, there were reports of a possible phishing scam intended to victimize users of the Navy Knowledge On-Line (NKO) Web site. The email prompts users to reset their passwords, but actually contains an obscured link to a remote web page. When the user connects to the URL provided, the Navy host will automatically download an executable file. Additionally, the site may capture the user’s NKO login password and then attempt to log in to NKO via falsified means.

The danger lies in the fact that a breach of security could put the Navy’s data and services at risk. Neither NKO, nor any organization, will ask for account numbers, passwords or Social Security numbers through email. All users should protect their user IDs and passwords. If a Navy end user needs to access NKO, the site can be reached via www.nko.navy.mil.
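A mail filter or help desk can check for the obscured link described above by comparing what each link displays with where it actually points. The following is an added example, not part of the original article or any Navy tooling; the sample message, the function names and the 203.0.113.7 address are constructed for illustration, and only the host www.nko.navy.mil comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_HOST = "www.nko.navy.mil"  # address the article gives for NKO

# Constructed sample message body (203.0.113.7 is a documentation address).
SAMPLE_EMAIL = (
    '<p>Your NKO password has expired. Reset it at '
    '<a href="http://203.0.113.7/reset">https://www.nko.navy.mil</a>.</p>'
    '<p>NKO home: <a href="https://www.nko.navy.mil/">www.nko.navy.mil</a></p>'
)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL; '' if it cannot be parsed."""
    url = url if "//" in url else "//" + url  # urlsplit needs '//' to find a host
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def obscured_links(html_body, trusted_host=TRUSTED_HOST):
    """Links whose visible text names the trusted host but whose target is elsewhere."""
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    return [(text, href) for href, text in parser.links
            if trusted_host in text.lower() and host_of(href) != trusted_host]

if __name__ == "__main__":
    print(obscured_links(SAMPLE_EMAIL))
```

This check only covers links whose visible text names the trusted host; a link labelled with plain wording such as "Reset your password" still has to be judged by its target.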

Don’t get hooked. As phishing attacks become more widespread and well organized, we will more than likely see advancements in phishing techniques and an increase in phishing attacks. If you have received a notification for NKO password reset, contact your Command Information Assurance Officer or System Administrator. To see naval message OO 282241Z DEC 05 SUBJ: NAVCIRT ALERT 05-17/NAVYKNOWLEDGE ON-LINE ACCOUNT PHISHING SCAM or the list of Site IA Managers, visit the IA section of the Office of CIO Web site at https://cio.navair.navy.mil.

The NAVAIR Information Assurance (IA) Office takes security compromises seriously and encourages NAVAIR personnel to report all IT security-related vulnerabilities and incidents so they can be quickly and appropriately addressed. If you become aware of a security compromise, you must immediately notify your Information Assurance Manager (IAM) or Information Assurance Officer (IAO). If you would like more information, contact your local IAO, IAM, the NAVAIR 7.4.2 security office, or the NAVAIR 7.4.1 security office. For a list of POCs, visit the IA section of the Office of CIO Web site at https://cio.navair.navy.mil.