by 673d Communications Squadron
Cyber Security Team
10/30/2014 - JOINT BASE ELMENDORF-RICHARDSON, Alaska -- Many people in Alaska enjoy fishing, but there are some that enjoy phishing Alaskans.
Phishing - as in fishing for confidential information - refers to a scam
which fraudulently obtains and uses an individual's personal or
There are three general types of phishing.
Phishing is an email that targets the general public.
These emails often direct a user to respond with personal information,
or direct the user to a fraudulent website which collects the
Spear phishing is a phishing email that targets a specific group. One
example of this would be an email sent to military members directing
them to verify their personal information on a fake Veterans
Whaling is an email targeting high-profile people or those who are able to exert great influence over an organization.
How can you tell if an email is phishing attempt?
Some attempts are very cleverly disguised; however, there a few things you can watch for.
Cybercriminals are not known for their grammar and spelling.
Professional companies or organizations usually have a staff of copy
editors, who will not allow a mass email with errors to go out to its
If you notice mistakes in an email, it might be a scam.
Links in an email are another tip.
If you see a link in a suspicious email message, don't click on it. Rest
your mouse (but don't click) on the link to see if the address matches
the link that was typed in the message.
Links might also lead you to .exe files. These kinds of file are known to spread malicious software.
Threats are another common technique.
Have you ever received a notification your account would be closed if you didn't respond to an email message?
Cybercriminals often use threats that your security has been compromised, and you need to follow a link.
Spoofing popular websites or companies is a common tactic.
Scam artists use graphics in email that appear to be connected to
legitimate websites - but actually take you to phony scam sites or
legitimate-looking pop-up windows.
Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.
If you're get a 'threat' email and are concerned about an account, open a
new browser and access the site with what you know is the correct
address to check.
How real is the threat?
In 2009, more than 630,000 complaints of fraud were filed with the Federal Trade Commission totaling more than $1.7 billion.
Recent headlines highlight phishing attacks against iCloud and Google
Docs users, Verizon customers, and University of Nebraska email
Recently, a group calling itself the "Electronic Army of ISIS" posted a
video tutorial on how to create a PayPal phishing attack.
As service members, phishing attacks pose an additional threat.
While most phishing attacks target individual's finances, spear phishing
can direct members to disclose operational information, thus posing an
For example, a phishing email may direct you to a fake Central Command
website and instruct you to input upcoming deployment information.
Phishing is a real threat, both at home and at work.
Stay vigilant, and if something seems "phishy," don't trust it.
If the email is from someone (person or company) you know, call or send a
separate email to verify the one you received is legitimate.
At home, you can simply delete the email or report it to a company's fraud center.
At work, delete the email and report it to your unit Information Assurance Officer.
If you have any other questions or concerns, please contact your local Communications Squadron professional.