NELLIS AIR FORCE BASE, Nev. — When you hear the term “phishing” you can’t help but think of a boat, bait and a fishing pole. However, in this case, phishing is a scam of evil intentions.
If you’re looking to avoid becoming a victim, all you have to do is keep an eye out for activities that don’t look right.
According to the Federal Deposit Insurance Corporation, the term “phishing” – as in fishing for confidential information – refers to a scam that includes fraudulently obtaining an individual’s personal or financial information.
“Phishing is the act of attempting to acquire personal information by masquerading as a trustworthy entity in an electronic communication, usually in an email,” said Senior Airman Daniel Shipley, 99th Air Base Wing information assurance office. “The information can include usernames, passwords and credit details.”
There are two different types of phishing. The first is regular phishing where an email is received from various sources posing as an authorized domain. Sometimes a victim will see an email from “banks” asking you to verify your information on a “site” that looks a lot like a regular banking site. Any information entered is stored on a server owned by the phisher.
“There is also spear-phishing, which includes attacks that are usually targeted at specific people and often are looking for information about or from that person,” Shipley said. “It is closely related to regular phishing but has a much smaller focus on targets.”
The results of phishing can be staggering to an individual. A phisher can access your credit card or banking information to run up your debt or drain your bank account.
Fortunately, Airmen can defend against spear-phishing attacks by double checking anything that seems out of the ordinary.
“If you think that an email is a phishing attempt, the best practice is to contact the organization you think is behind the email and check [its] validity,” Shipley said. “Do not forward the email or print it, delete the email, go into the deleted items, locate the email, right click, go to the junk e-mail menu and click ‘add sender’ to blocked senders list.”
Also notify your unit information assurance officer if you receive a suspicious phishing email at work. If the unit IAO wants to check the email, they can access the user’s computer and view it on their system. If it is a sufficient threat to the integrity of the user’s information or any government owned information system, call your installation’s Information Assurance Office.