Sunday, October 11, 2015

NFCU Spear Phishing scam

"Nfcu logo" by Source. Licensed under Fair use via Wikipedia -

If you have an NFCU account, please read this!

I received this in a recent staff email:


Please continue to be aware of the potential for Phishing and Spear Phishing eMail attacks.

Currently there is a Navy Federal-themed phishing campaign underway (eMail subjects have been "ACCOUNT NOTIFICATION" or "ACCOUNT ACCESS SIGN IN"). Some members of the Staff have already received and reported. Attached to this eKM Notice (you will need to access eKM to retrieve) under the Files tab is amplifying information provided in Navy Cyber Defense Operations Command's Cyber Alert 2015-ALR-0018.

If you receive emails you suspect are spear-phishing or SPAM, please report using the following process:
1. Without opening the message, single-click the message from the list of messages in your inbox.
2. Click Edit, and then select Copy.
3. Click File, select New, and then click Mail Message to open a new mail message.
4. Right-click in the blank content area and select Paste from the pop-up menu.
5. Type "SPAM" in the subject line.
6. In the To field, type the email address
7. In the Cc field, type the email address
8. Click Send.
9. Delete the original email

If you have received these emails and opened attachments or clicked embedded links, please contact Information Assurance (808.471.3097 or

October is Cyber Security Month - to help ensure a secure operating environment, please be wary of any eMail that is not digitally signed. Do cut and paste links in eMail into your browser or open attachments in unsigned eMails, regardless of the purported sender until you have verified via alternate means that the eMail is legitimate. Accessing commercial web-mail services is authorized from your NMCI computer, but do not click any embedded links or download attachments to your NMCI seat.