By U.S. Fleet Cyber Command/U.S. 10th Fleet Public Affairs
As the U.S. Navy remains ever vigilant, taking the fight to the enemy, recent media reports have highlighted potential risk from information carelessly or inadvertently shared on social media.
There has also been a steady stream of reporting on criminal and other malevolent cyber actors who seek information using hoax emails, also known as phishing, to gain access to finances or other sensitive information.
Safety and security are always the highest priority for the Navy and therefore the recent reports on social media risks and new or recycled phishing scams do not necessarily mean there is an increased threat. The Navy, however, can never let its guard down.
Private, personal and sensitive information could become available to adversaries or criminals via social media or phishing if service members and their families do not practice operations security (OPSEC).
To avoid disclosing private, banking and other sensitive information publicly via social media, Sailors should keep in mind the following five things:
1. Never share anything online you would not tell directly to the enemy.
2. Never post private or personal information.
3. Assume any information you share electronically will be made public.
4. Phishing scams tend to have common characteristics that make them easy to identify:
- Spelling and punctuation errors.
- Scare tactics to entice a target to provide personal information or follow links.
- Sensational subject lines to entice targets to click on attached links or provide personal information.
- Include a redirect to malicious URLs which require you to input usernames and passwords to access.
- Try to appear genuine by using legitimate operational terms, key words and accurate personal information.
- Fake or unknown sender.
5. When in doubt about a suspicious email from a supposed bank, call your financial institutions or check with your command Information Assurance (IA) lead. Your command IA can also assist with other types of suspicious email.
The Naval OPSEC Support Team, part of Navy Information Operations Command Norfolk, highlights “Knowledge is power – for both you and the adversary,” and advises:
- Understand the value of your information.
- Be suspicious of unsolicited phone calls, online requests or emails.
- Be suspicious when information about you and your family is requested.
Always ask yourself, do they have the “need to know.”
Ensure OPSEC is a way of life, 24/7/365. Navy leaders should remind Sailors and their families to assess how they use social media with OPSEC in mind – and the need to best protect themselves, their loved ones and all with whom they serve.
It is everyone’s responsibility help keep Sailors, civilians and families safe by not sharing personal or sensitive military information in email or in any online environment.
For more information, and for links to OPSEC review materials, visit Naval OPSEC Support Team’s website at: http://www.public.navy.mil/fcc-c10f/niocnorfolk/Pages/OPSECMission.aspx
For presentations about social media and phishing, click the links below from the Naval OPSEC Support Team’s Slideshare collection:
Social media trends for ombudsmen: http://www.slideshare.net/NavalOPSEC/opsec-for-ombudsman?related=1
Facebook privacy and account settings: http://www.slideshare.net/NavalOPSEC/facebook-privacy-settings-updated-february-2014?qid=d01987b5-98e6-4b0c-a256-b9e1b4c816ca&v=qf1&b=&from_search=8
For more news from Commander, U.S. Fleet Cyber Command/U.S. 10th Fleet, visit www.navy.mil/local/FCCC10F/