R 231805Z OCT 01 ZYW
FM CMC WASHINGTON DC//C4//
TO MARADMIN
BT
UNCLAS
MARADMIN 525/01
MSGID/GENADMIN/CMC WASHINGTON DC/C4//
SUBJ/COMPUTER SCAMS AND HOAXES//
REF/A/MARADMIN 136/00//
REF/B/MARADMIN 162/00//
NARR/REF A WAS INFO ASSURANCE BULLETIN 1-00 ON CHAIN-MAIL,
PROMOTIONAL AND VIRUS HOAXES. REF B WAS INFO ASSURANCE
BULLETIN 2-00 ON APPROPRIATE USE OF GOV'T IT RESOURCES//
RMKS/1. THE PURPOSE OF THIS MARADMIN IS TO ALERT ALL MARINES
TO THE RE-EMERGENCE OF SCAMS AND HOAXES THAT CAN INFLICT
FINANCIAL HARDSHIP AND NEGATIVELY IMPACT THE PERSONAL
WELFARE OF MARINES. MARINES WHO FORWARD SCAM/HOAX E-MAILS
UNWITTINGLY PERPETUATE THE DAMAGE CAUSED, WHICH MIGHT AFFECT
MISSION ACCOMPLISHMENT. REFS A AND B ARE PREVIOUSLY PUBLISHED
GUIDANCE ON THIS ISSUE. SCAMS ARE OFTEN INTENDED FOR ILLEGAL
MONETARY GAIN. HOAXES ARE MALICIOUS ATTEMPTS TO CONVEY FALSE
OFFERS OR THREATS. BOTH SCAMS AND HOAXES (INCLUDING
CHAIN-MAIL) CAN LEAD TO UNNECESSARY INCREASES IN NETWORK
TRAFFIC WITH CORRESPONDING DECREASES IN PERFORMANCE. MARINE
CORPS ENTERPRISE NETWORK (MCEN) USERS ARE ADVISED TO BE
EXTREMELY VIGILANT AGAINST THESE THREATS BY SCREENING E-MAILS
AND ATTACHMENTS TO E-MAILS PRIOR TO OPENING AND READING.
2. ALTHOUGH SCAMS DO NOT INFECT COMPUTER SYSTEMS OR FILES,
THEY CONSTITUTE A SIGNIFICANT THREAT TO MCEN USERS. SCAMS ARE
OFTEN PROPAGATED VIA COMPUTERIZED TRANSMISSION PATHS SUCH AS
E-MAILS. COMMON INDICATORS OF SCAM E-MAILS INCLUDE STRANGE
SUBJECT LINES, A SENDER THE RECIPIENT DOES NOT KNOW, OR AN
E-MAIL THE RECIPIENT WAS NOT EXPECTING.
3. THE "809 SCAM" IS AN EXAMPLE OF A SCAM THAT HAS RECENTLY
RE-APPEARED. BY WAY OF OPERATION, AN UNSUSPECTING USER
INITIALLY OPENS AN E-MAIL WITH A LEADING TITLE SUCH AS
"FAMILY EMERGENCY" OR "UNPAID ACCOUNT." THE E-MAIL REQUESTS
THAT THE RECIPIENT CALL A TELEPHONE NUMBER BEGINNING WITH AN
809 AREA CODE. THE PHONE CALL IS ACTUALLY BEING BILLED TO
YOUR TELEPHONE ACCOUNT ON A PAY-PER-CALL BASIS AT SEVERAL
DOLLARS PER MINUTE. A PLOY SUCH AS PLACING YOU "ON HOLD"
AFTER A SHORT INTRODUCTORY MESSAGE IS OFTEN USED TO KEEP YOU
CONNECTED AS LONG AS POSSIBLE. BOTTOM LINE: NO MATTER HOW YOU
RECEIVE THE E-MAIL MESSAGE, IF YOU ARE ASKED TO CALL A NUMBER
YOU DO NOT RECOGNIZE, INVESTIGATE FURTHER AND/OR DISREGARD
THE MESSAGE. BE VERY WARY OF E-MAILS ASKING YOU TO CALL AN 809
AREA CODE TELEPHONE NUMBER.
4. RECENT EXAMPLES OF HOAXES INCLUDE "AOL RIOT", "FAMILY
PICTURES", "LOC / LUMP OF COAL", "!0000", AND "AOL4FREE."
HOAXES USUALLY ARRIVE IN THE FORM OF AN E-MAIL AS WELL, AND
CONTAIN BOGUS WARNINGS INTENDED ONLY TO FRIGHTEN OR MISLEAD
USERS. THE BEST COURSE OF ACTION IS TO DELETE AND IGNORE THESE
E-MAILS AND NOT FORWARD THEM TO OTHER USERS. HOAX E-MAILS
ALSO TAKE THE FORM OF A BOGUS MESSAGE REGARDING A NEW VIRUS,
OR A PROMOTION THAT SOUNDS TOO GOOD TO BE TRUE. OTHER COMMON
HOAX CHARACTERISTICS INCLUDE AN E-MAIL THAT IS MAILED IN
CHAIN-LETTER FASHION DESCRIBING SOME DEVASTATING, HIGHLY
UNLIKELY TYPE OF VIRUS. THERE IS USUALLY NO FILE ATTACHMENT,
NO REFERENCE TO A VALIDATING THIRD PARTY, AND THE GENERAL
'TONE' OF THE MESSAGE CONVEYS A SENSE OF UNFOUNDED URGENCY.
VIRUS HOAXES ARE MORE THAN MERE ANNOYANCES. THEY MAY LEAD SOME
USERS TO ROUTINELY IGNORE ALL VIRUS WARNING MESSAGES, LEAVING
THEM VULNERABLE TO A GENUINELY DESTRUCTIVE VIRUS. VIRUS
WRITERS CAN ALSO USE KNOWN HOAXES TO THEIR ADVANTAGE. FOR
EXAMPLE, "AOL4FREE" BEGAN AS A HOAX VIRUS WARNING. A
DESTRUCTIVE TROJAN WAS LATER ATTACHED TO THE ORIGINAL HOAX
VIRUS WARNING AND DISTRIBUTED. NEVER OPEN AN E-MAIL ATTACHMENT
UNLESS YOU KNOW WHAT IT IS--EVEN IF IT IS FROM SOMEONE YOU
KNOW AND TRUST.
5. THE BEST SINGLE SOURCE OF INFORMATION ABOUT SCAMS AND HOAXES
IS HTTPS://WWW.NOC.USMC.MIL/SECURE/MIDAS. OTHER SOURCES INCLUDE:
CARNEGIE MELLON'S SOFTWARE ENGINEERING INSTITUTE'S WWW.CERT.ORG,
WWW.SYMANTEC.COM/AVCENTER/HOAX.HTML AND VIL.MCAFEE.COM/HOAX.ASP?
(NOTE THE "VIL" VERSUS "WWW" PREFIX). ANOTHER GOOD SOURCE OF
INFORMATION ON SCAMS CAN BE FOUND AT HTTP://WWW.SCAMBUSTERS.ORG.
6. ALL USERS SHOULD TAKE THE FOLLOWING PRECAUTIONS TO SAFEGUARD
AGAINST PROPAGATING SCAMS AND HOAXES: FIRST, USERS SHOULD READ
AND HEED LOCAL ISMO ALERT NOTICES. SECOND, BEFORE OPENING ANY
SUSPICIOUS E-MAIL, USERS SHOULD IMMEDIATELY NOTIFY THEIR LOCAL
ISMO AND REQUEST GUIDANCE. FINALLY, IF THE ISMO CONCURS, DELETE
THE E-MAIL.//
BT