Thursday, October 30, 2014

Cybersecurity is an even bigger concern for service members

by 673d Communications Squadron Cyber Security Team


10/30/2014 - JOINT BASE ELMENDORF-RICHARDSON, Alaska -- Many people in Alaska enjoy fishing, but there are some that enjoy phishing Alaskans.

Phishing - as in fishing for confidential information - refers to a scam which fraudulently obtains and uses an individual's personal or financial information.

There are three general types of phishing.

Phishing is an email that targets the general public.

These emails often direct a user to respond with personal information, or direct the user to a fraudulent website which collects the information.

Spear phishing is a phishing email that targets a specific group. One example of this would be an email sent to military members directing them to verify their personal information on a fake Veterans Administration website.

Whaling is an email targeting high-profile people or those who are able to exert great influence over an organization.

How can you tell if an email is a phishing attempt?

Some attempts are very cleverly disguised; however, there are a few things you can watch for.

Cybercriminals are not known for their grammar and spelling.

Professional companies or organizations usually have a staff of copy editors, who will not allow a mass email with errors to go out to their users.

If you notice mistakes in an email, it might be a scam.

Links in an email are another tip.

If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message.

Links might also lead you to .exe files. These kinds of files are known to spread malicious software.

Threats are another common technique.

Have you ever received a notification your account would be closed if you didn't respond to an email message?

Cybercriminals often use threats that your security has been compromised, and you need to follow a link.

Spoofing popular websites or companies is a common tactic.

Scam artists use graphics in email that appear to be connected to legitimate websites - but actually take you to phony scam sites or legitimate-looking pop-up windows.

Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.

If you get a 'threat' email and are concerned about an account, open a new browser and access the site with what you know is the correct address to check.
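The link checks described above can also be automated. The following Python sketch is an added example, not part of the original article: it flags links whose displayed address differs from the real target, links to .exe files, and addresses that closely resemble a trusted one. The trusted list, the sample message and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"bank.example", "mail.example"}  # assumption: sites the reader really uses
# Constructed sample message body (reserved .example domains)
SAMPLE = """<p>Your account will be closed. Verify at
<a href="http://bamk.example/login">www.bank.example</a> or
<a href="http://files.example/update.exe">install the update</a>.
<a href="https://bank.example/help">bank.example/help</a></p>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase host of a URL or bare domain, without a leading 'www.'."""
    if "://" not in value:
        value = "http://" + value
    host = urlparse(value).hostname or ""
    return host[4:] if host.startswith("www.") else host

def check_link(href, text):
    """Return the warning signs found for one link."""
    findings, target = [], host_of(href)
    # The visible text is itself an address, but the link goes somewhere else
    if text and " " not in text and "." in text and host_of(text) != target:
        findings.append("mismatch")
    if urlparse(href).path.lower().endswith(".exe"):
        findings.append("executable")
    # Slightly altered copy of a trusted name (threshold is an assumption)
    if target not in TRUSTED and any(
            SequenceMatcher(None, target, t).ratio() >= 0.85 for t in TRUSTED):
        findings.append("lookalike")
    return findings

def scan(html):
    """Map each link target in an HTML message body to its warning signs."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}
```

Calling `scan(SAMPLE)` returns a dictionary keyed by link target; an empty list means none of the three warning signs were found, not that the link is safe.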

How real is the threat?

In 2009, more than 630,000 complaints of fraud were filed with the Federal Trade Commission totaling more than $1.7 billion.

Recent headlines highlight phishing attacks against iCloud and Google Docs users, Verizon customers, and University of Nebraska email accounts.

Recently, a group calling itself the "Electronic Army of ISIS" posted a video tutorial on how to create a PayPal phishing attack.

As service members, phishing attacks pose an additional threat.

While most phishing attacks target an individual's finances, spear phishing can direct members to disclose operational information, thus posing an OPSEC risk.

For example, a phishing email may direct you to a fake Central Command website and instruct you to input upcoming deployment information.

Phishing is a real threat, both at home and at work.

Stay vigilant, and if something seems "phishy," don't trust it.

If the email is from someone (person or company) you know, call or send a separate email to verify the one you received is legitimate.

At home, you can simply delete the email or report it to a company's fraud center.

At work, delete the email and report it to your unit Information Assurance Officer.

If you have any other questions or concerns, please contact your local Communications Squadron professional.
