E-mail phishing: Don't take the bait

  • Published
  • By Maj. Ann P. Knabe
  • 379th Air Expeditionary Wing Public Affairs
SOUTHWEST ASIA (AFPN) --  When a fellow deployed officer shared a story about how his wife was e-mailed a request to give personal credit card information over the Internet, I shook my head. In the past week alone, I've received more than 37 different e-mail requests for personal information, all from fraudsters.

Having more than one e-mail address makes you highly visible on the Internet for automated search programs called "crawlers" that makes a persone more vulnerable to phishing attempts.

What's phishing?

Phishing is a criminal activity that uses social engineering techniques to extract personal information from computer users. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as trustworthy people or businesses in electronic communication. Phishing is typically carried out using e-mail or instant messages.

As I looked in my e-mail recycle bin from this week, I saw e-mails from all sorts of fraudsters attempting to get personal information from me. There were so-called credit unions and banks, often masquerading as anti-theft operators asking to verify credit card account numbers and social security numbers to "help" me avoid being robbed online. Others said I had won a contest and all I needed to do to get the money was to give them my bank account tracking number.

My favorites were sent from other countries, where "rulers" and "dignitaries" had suddenly realized I was a long lost relative, and they needed my personal details to wire "my cut" of the inheritance.

While I've always wanted to believe I've got royal blood, I'm far too smart to fall into a Phisher's trap. All Airmen should be this smart and never offer any personal information to an e-mail requester.

It can be tricky, though. A major international electronics store recently had its identity stolen with a cut-and-paste logo that was e-mailed to thousands of credit card holders. The phony e-mail request looked real to many customers, and they found out the hard way about how dangerous it is to offer personal information over e-mail.

Similarly, the officer I mentioned earlier received e-mails with the government charge card logo, and he could have easily responded had he not thought twice about the request.

According to Lt. Col. Michael Welsh, the 379th Air Expeditionary Wing Staff Judge Advocate, any reputable agency will find a different way to contact you. They will never use e-mail; most often it will be old-fashioned U.S. postal mail.

But Airmen must remain alert and vigilant. Even clicking on a link inside a phisher's email is asking for trouble. The best way to deal with phishing attempts is to simply delete the e-mail.

If Airmen want to take it a step further with phishers requesting credit card and bank information, they can call the company referenced, with a phone number from an original source document (not the phisher's e-mail) or the phone number on the back of the credit card.

As for the officer mentioned at the beginning of the story, he was lucky. His wife was sharp and e-mailed him first before clicking on any links. After reviewing the e-mail he called his government charge card company and found out the e-mail solicitation was indeed a phishing attempt.

Be a smart Airman, and like him, don't take the bait from phishers.