Phishing e-mails are a common occurrence for both military and personal network systems. They are designed to steal your identity by asking for personal information.
According to Wikipedia, “Phishing is defined as the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”
Even though these Web sites look legitimate, do not be fooled. According to the National Fraud Information Center, the most common form of phishing e-mails appear to be from a legitimate retailer, bank, organization or government agency.
In a phishing e-mail, the sender often delivers shocking and commonly frightening news in order to trick an unsuspecting user into action. However, remember that a legitimate company will never ask you to download a program or enter personally identifiable information in an e-mail.
To avoid being fooled by a phishing e-mail posing as a bank, type in your bank’s Web site address in the address bar to be sure you are going to the correct site. Once there, look at the address bar to ensure it is legitimate. Sometimes even the smallest of differences are overlooked like www.usaaa.com versus the correct address of www.usaa.com.
Not taking the time to check the credibility of an e-mail can cost personnel significantly.
“Scammers can use personal or confidential information illicitly,” said Staff Sgt. Augustus Robinson III, 86th Airlift Wing knowledge operations manager. “Scammers also use Trojan key loggers that record every keystroke you enter. The hacker could then use login names, password and personal information to obtain more information and take control of more computer systems,”
Although phishing scams can happen to anyone’s computer, it is extremely crucial for military members to stay on their toes.
“Phishing is aimed specifically at military members to obtain information and intelligence,” Sergeant Robinson said. “It is our responsibility to safeguard sensitive information on government systems. Not being vigilant will allow our adversaries access to critical information. They should also take the same safeguards with their personal computers at home.”
Follow these rules to avoid phishing campaigns:
Stay alert: Know what is in your inbox, don’t open any old e-mail. If you don’t know the sender be overly suspicious.
Don’t let e-mails frighten you: In most cases, an e-mail will not be the source of legitimate good or bad news. Read the e-mail carefully and don’t be easily duped.
Don’t share information through e-mail: A legitimate company should have the PII they need. Call the company help desk and ask for clarification if necessary.
Ensure you are secure: Look for “https” and the security symbol of a pad lock in your browser. If you’re not secure, don’t enter information.
Never click on links within e-mails: If an e-mail requests verification or further information find the Web site yourself, ensure it is the correct site, and verify that it is secure.
Never open mysterious attachments: Attachments can be laden with malware that can infect you computer.
Use layered defense: Utilize up-to-date spam filters, anti-virus, anti-rootkit, anti-spyware, and firewalls.
(Editor’s note: Tech. Sgt. Francesca Popp, U.S. Air Forces in Europe Public Affairs, and Senior Airman Scott Saldukas, 86th Airlift Wing Public Affairs, contributed to this story.)