DOD's anti-phishing policy disables links in outside emails
In an attempt to prevent potential breaches, DOD won’t let users click on HTML links in emails that come from outside the .mil domain.
In an effort to help users avoid phishing scams and other potential threats, the Pentagon is instituting a policy of disabling HTML links in emails that come from outside the .mil domain.
Sean Lyngaas of sister publication FCW reports that the policy is being established gradually but is already in place for most Defense Department users. Richard Hale, DOD deputy CIO for cybersecurity, told FCW that the policy is a coordinated effort between his office and the U.S. Cyber Command, and is part of a larger effort to tighten DOD’s network defenses.
At least some users receiving outside emails will see a subject-line warning that the email is coming from outside DOD, according to the report. Users will still be able to cut and paste the URL into a browser, as they can now with text emails, but the idea behind the policy that that eliminating hot links would get users to think twice before going to a potentially malicious site.
To read FCW’s full report, click here.
Phishing, which involves fraudulent emails made to look legitimate, is the most common vector used by cyber criminals and spies, because it’s easy to do and it often works. Many of the most notable recent data breaches—including the massive hack earlier this year of the Office of Personnel Management databases—are believed to have started with phishing emails that fooled some users into giving up their credentials. (News of the OPM hack, was followed by another phishing campaign posing as official notification of the OPM breach.)
DOD has been campaigning to raise users’ awareness of phishing, issuing a memo in March advising personnel about safe practices with regard to potential phishing or the more targeted spear-phishing emails, as well as social media sites. The military services and other DOD components, such as the Army and Navy, also offer users advice on what’s often called good cyber hygiene.
The new email policy could have an impact on outside organizations, including Defense Systems, which send its Defense Systems Update newsletter to selected DOD users. Like the other publications in 1105 Media, Defense Systems does already send a text version of its newsletter to subscribers.
NEXT STORY: Air Force to ID targets by their vibrations