Office of CIO Communications

Recent eCard scams are leaving some network administrators and end users with a holiday headache. Internet security experts are urging end users to beware of fraudulent eCards. The risk comes from seemingly harmless eCards that appear to originate from major eCard companies. Criminals are using the electronic greetings to exploit users and access networks illegally.

Like any hyperlink or email attachment, eCards should be treated with suspicion and caution. Not only can these deceptive eCards harbor viruses and malware, but they can also be used to “phish” for information by directing unsuspecting users to fraudulent websites. Users should avoid opening any unsolicited attachments and should never follow links embedded in the email. Users should really consider deleting any potentially suspicious email.

In the world of information technology, there will always be determined criminals who use their time and talent to scam end users out of money, privacy, and information. For government employees and contractors using government information systems, the risk is enormous. National security is increasingly being challenged by these non-traditional threats from adversaries with seemingly limitless time and resources aimed at targeting valid users to gain access to government resources.

The borderless nature of the Internet makes cyber crime a global concern. A disturbing trend in cyber crime is the increased use of email in social engineering and phishing. The United States Computer Emergency Team (US-CERT) defines social engineering as “the use of human interaction and phishing as the use of human interaction through email or malicious web sites.”

In the past, common sense tactics, such as not divulging account numbers or passwords, thwarted the cyber criminals’ attempts to cause harm, but advanced technology has allowed criminals to take advantage of users who have been trained to never divulge passwords or account information by conning them into opening unsecured email. Root kits and keystroke loggers, which give criminals the ability to get passwords and account information without the user’s knowledge, have made eCards and email attachments far more dangerous.

A root kit is like a Trojan horse. It hides itself in the operating system and the programs that rely on that system. It will also hide anything else the cyber criminal wants hidden and can grant the cyber criminal remote access to the system. Once in place, it cannot be easily detected.

During the holidays, more people are spending time online looking for gift ideas and receiving eCards. This provides the cyber criminal with ample opportunities to gain access. In the case of malicious eCards, users receive an eCard that appears to have come through one of the major eCard companies. The end user assumes it is safe and clicks the link to view the card. They are sent to a server that looks for a vulnerable spot to install a Keylogger and a root kit. The user is then sent back to the eCard site so as to make it look like nothing unusual had happened. Unfortunately, that’s all it takes for a root kit to be delivered to the user’s PC.

It is also important to note that keystroke loggers can be both a computer software program and a physical device. In the case of eCards, it is a software program known as malicious code. A physical device can also be connected between your keyboard and computer to log your keystrokes. That is one of the reasons it is so important to physically secure your workstation by removing your CAC card when you leave your desk.

It is vital to the security of your network that you do not download, distribute, or accept eCards on a government account. It is also wise to avoid eCards at home unless they are from someone you know and your system is up to date with patches and ant-virus software.

If you would like more information on any information security or Information Assurance (IA) matters or if you suspect any unusual activity or security compromise on your government-issued workstation, contact your local IA Officer, IA Manager, the NAVAIR 7.2.6 Information Assurance office, or the NAVAIR 7.4.1 security office. A list of IA Points of Contact is located on the Office of CIO Community of Interest within MyNAVAIR https://mynavair.navair.navy.mil/cio.

About the author: Chandler Archuleta, a regular contributor to Office of CIO communications, is an employee of Smartronix Corporation, Information Assurance Division.