Phishing Scam Purports NKO Web Portal
An Internet phishing scam is purporting the Navy Knowledge Online (NKO) web portal, warns the NETC (Naval Education & Training Command) based at NAS (Naval Air Station) Pensacola, as reported by Allamericanpatriots.com on June 25, 2007.
NETWARCOM (Network Warfare Command), on June 21, 2007, alerted NKO users and network managers of their exposure to vulnerability to the fraudulent scheme. The new phishing scam pretends to arrive from the administrative department of NKO and informs users about a server outage that actually does not exist. The fake e-mail leads the users of NKO to a duplicate but fraudulent site where there are attempts to capture their login information.
The Naval Criminal Investigative Service (NCIS) has noticed that thousands of harmful e-mails are targeting sailors, marine, navy civilian workers and DON contractors with the objective to take over computers at the Department.
The scam artists attack people by sending them e-mail messages or by using pop-up ads on the Windows, said David Peg David, program manager with NKO. The conmen forward the e-mails posing to be from legitimate organizations or websites like NKO. At first glance the company logo and letterhead seem to be authentic, and if that convinces potential victims, phishers would have accomplished their evil goals, as reported by News.navy.mil on June 25, 2007.
The identification of NKO spam scams occurred first in December 2005 when the scam exploited vulnerabilities in Microsoft's Internet Explorer.
Davis said phishers use various techniques to trap the user. The most popular are spoofing and social engineering whose combination produces a new phishing method called "spear phishing".
He further said that users of military and civilian computers should understand that the Navy, NKO, and such reputable entities never ask their customers to give away their passwords or personal information.
He also added that users should be cautious about e-mails trying to extract such information. Moreover, they should report any e-mail they suspect to the command information-assurance officer right away, as reported by News.navy.mil on June 25, 2007.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 13-07-2007