Protect yourself from phishing scams

  • Published
  • By Senior Airman Charles Randolph and Staff Sgt. Stuart Wilson
  • Pacific Air Forces
HICKAM AFB, Hawaii --  Email provides a convenient and powerful communications tool that few in today's fast paced world can live without. Unfortunately, it also provides scammers with an easy means for luring information from unsuspecting victims. This form of Internet fraud is called phishing. The term, pronounced "fishing," comes from the analogy that Internet scammers use email as bait to fish for passwords and personal data from the sea of Internet users.

Phishing emails claim to be from a business or organization with which individuals would routinely interact (e.g. an Internet service provider, bank, online payment service or even a government agency). These emails attempt to fool you into visiting a bogus Web site to either download malicious software or reveal sensitive personal information. They usually contain links that redirect the target audience to sites that look astonishingly like the real thing. These sites ask for information such as your account number, address, online banking username, and password. Attackers use this information to steal your identity and raid your bank account. 

Phishers use a technique called spear-phishing to selectively target a single person or small group. A phony email might even look like an official email from a DoD organization but have nothing to do with the military. These types of attacks are aimed to make people think they are accessing official sites, including the MyPay website.

As scary as this may sound, there are several ways you can protect yourself and your family. The following recommendations can minimize your chances of falling victim to an email phishing scam. 

· Be suspicious of any email requesting personal information of any kind. Even email from trusted sources can have spoofed email addresses. Email spoofing is the practice of changing your name in email so that it looks like the email came from somewhere or someone else. Digital signatures should be used to provide authentication of the sender. 

· Be suspicious of the links placed directly in an email. They can say one thing and lead somewhere else. Use your favorite search engine to find the correct URL for that company. 

· Ask yourself: Why am I getting this email? A way to avoid being a target is to control the use of your work email address by not posting it in newsgroups, blogs or other online forums. 

· Never give out your user ID, password or CAC PIN number to ANYONE. System administrators will never ask you for this information and avoid writing this information down. If you must write down your user ID or password, it must be treated at the same level as the system it protects (NIPRNET - Sensitive, For Official Use Only/SIPRNET - SECRET) and secured in the same manner.

If you receive a suspected phishing email, contact your Client Support Administrator, Information System Security Officer or Internet Service Provider for assistance. If you suspect that you have fallen for a phishing scam, take steps to immediately protect yourself. Many sources of help are available on the Internet. The sites http://www.consumer.gov/idtheft/ or http://www.antiphishing.org are good places to start.