New Social Engineering Scheme Targets Military Families

Every week…sometimes daily…it seems there is a new type of social engineering attack targeting specific groups. The social engineering fraudsters are pretty creative and many adept at exploiting the vulnerabilities and weaknesses of these groups. They use face-to-face methods, phone calls, email messages, faxes, and any other communication path that could take them to a willing victim.


On June 20 the U.S. Federal Trade Commission (FTC) released a report warning of a new phishing attack targeting military families.

“Fraudsters Claim a Red Cross Connection in New Phishing Scam
The Federal Trade Commission is warning consumers about a scam targeting families of military members. A caller, claiming to work for the Red Cross, notifies an individual that their family member has been injured while on duty. To get immediate aid to the injured service member, the caller says, paperwork must be completed, and personal information must be verified.
The FTC, the nation’s consumer protection agency, says this scheme is a variation of ‚Äúphishing‚Äù ‚Äì a technique identity thieves use to get personal or financial information from unwary consumers. The identity thief claims to represent a trusted source ‚Äì a bank, a government agency, or in this case, The American Red Cross ‚Äì to get someone to divulge their personal information. The FTC urges military family members not to give out personal information on the phone if they are contacted by an individual they don‚Äôt know ‚Äì or via the Internet if the message comes via e-mail.
According to the American Red Cross, its representatives typically do not contact military members or their families directly. Visit http://www.redcross.org and http://www.defenselink.mil for more information.
For more information about phishing, visit http://onguardonline.gov/phishing.html. To report a phishing incident, visit www.ftc.gov or call 1-877-FTC-HELP.
Because victims of phishing schemes can become victims of identify theft, you also may want to visit www.ftc.gov/idtheft.
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.”

Yes, this is pretty despicable and definitely preying upon the greatest fears of those whose loved ones are overseas in active duty. Many social engineering schemes are despicable.
Awareness of such exploits is critical to help keep folks from having their shock and fear of the worst happening to their family and friends overshadow their ability to recognize such criminals in action.
Let your personnel know about these types of exploits. Not only will it help to protect them, it will also help to raise their awareness about such social engineering schemes and make them more able to identify these, and other, social engineering attempts made while they are at work.
No matter what some information security technology vendors tell you, technology alone cannot protect your organizational information assets and resources, or your personnel. The human factor is the weakest link in protecting information, and your information security efforts will not be effective without ongoing and effective training and awareness.
Human mistakes, lack of information, and malicious intent can defeat basically any type of security technology.
Information security must be multi-layered and include operational, technological, administrative and procedural controls. Leaving out a layer will leave your organization vulnerable to information leaks, much like leaving some shingles off your roof will leave your house vulnerable to rainwater leaks…in time it will happen and damage will result.
Human susceptibility to fall for social engineering schemes is greater when fraudsters and criminals exploit people’s three most basic layers of love/belonging, safety, and physiological needs. (See Maslow’s Hierarchy of Needs for more on this.)

Tags: , , , , , , , , ,

Leave a Reply