How To Avoid Phishing

Published Sept. 17, 2010
By 86th Airlift Wing public affairs

RAMSTEIN AIR BASE, Germany -- Phishing e-mails are a common occurrence for both your military and personal network systems, designed to steal your identity by asking for personal information.

According to Wikipedia, "phishing is defined as the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication."

Even though these web sites look legitimate, do not be fooled.

According to the National Fraud Information Center, the most common form of phishing emails appear to be from a legitimate retailer, bank, organization, or government agency.

In a phishing email, the sender often delivers shocking and commonly frightening news in order to trick an unsuspecting user into action. However, remember that a legitimate company will never ask you to download a program or enter personally identifiable information (PII) in an email.

All personnel need to remember that banks, in particular, will never ask for passwords or personal information via e-mail. To avoid being fooled by a phishing email posing as a bank, type in your bank's website address in the address bar to be sure you are going to the correct website. Once there, look at the address bar to ensure it is legitimate. Sometimes even the smallest of differences are overlooked like www.usaaa.com versus the correct address of www.usaa.com.

Not taking the time to check the credibility of an e-mail can cost the personnel significantly.

"Scammers can use personal or confidential information illicitly," said Staff Sgt. Augustus Robinson III, 86th Airlift Wing knowledge operations manager. "Scammers also use Trojan key loggers that record every keystroke you enter. The hacker could then use login names, password & personal information to obtain more information and take control of more computer systems,"

Although phishing scams can happen to anyone's computer, it is extremely crucial for military members to stay on their toes.

"Phishing is aimed specifically at military members to obtain information and intelligence," Sergeant Robinson said. "It is our responsibility to safeguard sensitive information on government systems. Not being vigilant will allow our adversaries access to critical information. They should also take the same safeguards with their personal computers at home."

Follow these simple rules to avoid phishing campaigns:

Stay alert - Know what is in your inbox, don't open any old email. If you don't know the sender be overly suspicious.

Don't let emails frighten you - In most cases an email will not be the source of legitimate good or bad news. Read the email carefully and don't be easily duped.

Don't share information through email - A legitimate company should have the PII they need. Call the company help desk and ask for clarification if necessary.

Ensure you are a secure - Look for "https" and the security symbol of a pad lock in your browser. If you're not secure, don't enter information.

Never click on links within emails - If an email requests verification or further information find the website yourself, ensure it is the correct site, and verify that it is secure.

Never open mysterious attachments - Attachments can be laden with malware that can infect you computer.

Use layered defense - Utilize up-to-date spam filters, anti-virus, anti-rootkit, anti-spyware, and firewalls.

(Editor's note: Tech. Sgt. Francesca Popp, U.S. Air Forces in Europe Public Affairs and Senior Airman Scott Saldukas, 86th Airlift Wing Public Affairs, contributed to this story.)