Hook, line, and sinker…Don’t get snagged by an Internet/E-mail phishing scam

  • Published
  • By Maj. Jordon Cochran
  • 341st Communications Squadron commander
MALMSTROM AIR FORCE BASE, Mont. --  Have you ever received an email from the Air Force Portal asking you to verify your personal information? Have you ever received a message from eBay warning you to login to your account otherwise it will be suspended? If you accessed the link and tried to login to the website; you may have just become a victim of a phishing scam. Americans lost $3.2 Billion in finances last year due to identity theft in scams. These facts illustrate the importance of your awareness to phishing, whether at work or at home. 

Phishing is a type of scam designed to deceive people into giving up personal data, such as credit card numbers, passwords, or account login information. These phishing emails are very deceptive. They usually resemble an official message or notification from a trusted source or Web site, such as the AF Portal, or your credit card company. Phishing emails normally direct recipients to a fraudulent Web site. This site may ask you to provide personal information which then can be used for identity theft. 

There are several indicators to look for if you suspect an e-mail message is a phishing scam. Most of the links in these emails are "masked" or "spoofed". For instance, the link looks like a trusted source's official link but the actual URL, web address, is different. In short, the link displayed does not direct you to that address but somewhere different or a scam Web site. These emails could also include suspicious subject lines, spelling and grammar errors, or come from an unknown or unfamiliar sender. 

Protect yourself from phishing scams 

The best piece of advice to take away from this is that a legitimate company will never ask you to provide personal or account information. If you receive an email supposedly sent by the AF Portal, PayPal, or another online entity, it is best not to open it. If you feel that you must open the email, do not click on any link, do not reply, and never open any attachment in the email. Instead, verify the message is authentic by going to your account's Web site and access it directly without using any link in the email. You could also contact the company using the actual Web site's contact form, by e-mail, or phone to authenticate the relevance of the email. Copy and paste the suspect email into the contact form and ask the site to verify the sent message in question. Another option is to copy parts of the email and search for it in Google or other search engines. Other Web sites may have already given warning that the message you received is a phishing scam. In all, the damage from phishing can range from denial of access to e-mail to extreme financial loss. The potential for identity theft and other consequences are significant. Be proactive, be safe when surfing the web, and don't be a victim. 

For more information and training on phishing, a computer based training is now available at http://iase.disa.mil/eta/phishing/Phishing/launchPage.htm The CBT is approximately 15 minutes long and contains information on what to look for and how to avoid falling victim to phishing scams, both at work and at home. The Wing Information Assurance office recommends all users complete the training for basic awareness, but highly recommends that it be used as a remedial training tool for those individuals that fall victim to phishing scams and phishing exercises. 

For more information call 731-4695.