December 28, 2006:
The U.S. Department of Defense is suffering yet another Internet-based
attack. This one is a "spear phishing" offensive. "Phishing" (pronounced
"fishing") is when a hacker sends out thousands, or millions, of emails that
look like warnings from banks, eBay or PayPal, asking you to log in (thus
revealing your password to the hackers, who have set up a false website for
this purpose) to take care of some administrative matter. The hacker then uses
your password to loot your account. "Spear phishing" is when the emails are
prepared with specific individuals in mind. The purpose here is to get specific
information from, say, a bank manager, or someone known to be working on a
secret project. The thousands of spear phishing emails sent to military
personnel are worrisome, because they mean someone is looking for defense-related
data, including classified stuff. Most people don't fall for phishing attacks,
but the hackers know that some will. The recent spear phishing attack included
messages with a PowerPoint attachment. That file, if opened, installed a virus
on the user's computer and gave the hackers who carried out the spear phishing
campaign access to the user's network. Military personnel are
trained to watch out for things like phishing attacks, but hackers only need to
get a few victims to fall for it. The Department of Defense has publicized this
spear phishing attack in order to encourage any military personnel who may
have fallen for it (or think they did) to report that as soon as possible.