Published: October 17, 2006
Email Phishing: Don't take the bait
by Maj. Ann Peru Knabe
When a fellow deployed officer shared a story about how his wife was emailed a request to give personal credit card information over the Internet, I shook my head. In the past week alone, I've received more than 37 different email requests for personal information, all from fraudsters.
As a self-admitted techie, I have seven different email accounts, some associated with my civilian job in the public sector, some associated with my consulting and two with the military. This means my email addresses are highly visible on the Internet for automated search programs called "crawlers" to find me, and this makes me especially vulnerable to phishing attempts.
What's phishing?
Phishing is a criminal activity that uses social engineering techniques to extract personal information from computer users. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as trustworthy people or businesses in electronic communication. Phishing is typically carried out using email or instant messages.
As I looked in my email recycle bin from this week, I saw emails from all sorts of fraudsters attempting to get personal information from me. There were so-called credit unions and banks, often masquerading as "anti-theft" operators asking to verify credit card account numbers and Social Security numbers to "help" me avoid being robbed online. Others said I had "won" a contest and all I needed to do to get the money was to give them my bank account tracking number. My favorites were sent from other countries, where "rulers" and "dignitaries" had suddenly realized I was a long lost relative from the "royal" family, and they needed my personal details to wire "my cut" of the inheritance.
While I've always wanted to believe I've got royal blood, I'm far too smart to fall into a Phisher's trap. All Airmen should be this smart and never offer any personal information to an email requester.
It can be tricky, though. A major international electronics store recently had "its identity" stolen with a cut-and-paste logo that was emailed to thousands of credit card holders. The phony email request looked real to many customers, and they found out the hard way about how dangerous it is to offer personal information over email. Similarly, the officer I referenced earlier received emails with the government charge card logo, and he could have easily responded had he not thought twice about the request.
According to Lt. Col. Michael Welsh, 379th Air Expeditionary Wing Staff Judge Advocate, any reputable agency will find a different way to contact you. They will never use email; most often it will be old-fashioned U.S. postal mail.
But Airmen must remain alert and vigilant. Even clicking on a link inside a phisher's email is asking for trouble. The best way to deal with phishing attempts is to simply delete the email. If Airmen want to take it a step further with phishers requesting credit card and bank information, they can call the company referenced, with a phone number from an original source document (not the phisher's email) or the phone number on the back of the credit card.
As for the officer mentioned at the beginning of the story, he was lucky. His wife was sharp and emailed him first before clicking on any links. After reviewing the email he called his government charge card company and found out the email solicitation was indeed a phishing attempt. Be a smart Airman, and like him, don't take the bait from phishers.
Source: 379th Air Expeditionary Wing Public Affairs
Search News
