E-mail Phishing Scams
5 things you need to know
06 August 2015
You get to work, attend quarters and head to your computer. With a fresh cup of coffee you open your email.
ALERT! YOUR IDENTITY MAY HAVE BEEN STOLEN!!!
Well, that's alarming. A subject line in all caps? And it's your identity at stake?
You open the email. It's from your bank, or at least the person who wrote the "Very Respectfully" line claims your bank beneath his name. All they want is for you to confirm your information. No need to call the bank. We live in a digital age where everything is done on computers and you can trust anyone as long as they tell you they're trustworthy, right?
The email provides a link to... something. It's a URL made up of a bunch of letters and numbers and dashes and percent symbols. Computer wumbo-jumbo. You click it and you're taken to what looks like a late-90s version of your bank's webpage. The bank logo is on it with username and password boxes, so it's totally legit.
You fill them in and click submit.
The screen goes blank, just a gray background. You click back, maybe you typed it in wrong.
WEBPAGE COULD NOT BE DISPLAYED
You keep clicking back, but it keeps repeating the same message. It starts to feel like you never went to your bank's website in the first place. You click all the way back to your email and there's a new message from someone you've never heard of.
You open it up:
Thx 4 the cash, sukka!
Xx_B1LLY_xX
And, you've just been hooked by a phishing scam.
According to James Magdalenski, director, Naval OPSEC Support Team, as members of the military, we are likely to receive phishing emails just because of our affiliation with the DoD. Phishing emails can originate from hackers, foreign agencies or services, thieves who want personally identifiable information (PII), or just someone with an acute curiosity of what we do in the military. Although DoD networks are well protected, they are not 100 percent fool proof from phishing emails.
He said "Always be aware of suspicious emails from people you have no affiliation with, and especially those emails requesting sensitive information like usernames, passwords, personal and information, military operations details, financial information and so on."
Magdalenski added, phishing emails can also include malicious links or attachments with catchy titles, like "Answers to CPO Advancement Exam". Phishing isn't just limited to emails either; it could be a simple phone call from someone claiming to be from a legitimate organization, like your financial institution. Legitimate organizations will never call you and request your PII.
He stated that similar to a Sailor's working environment, phishing emails will often be sent to your home or personal email address.
"For example, if you receive a "pop up" from your anti-virus software provider telling you it's time to renew, just by clicking on the pop up, it may be a phishing scam," said Magdalenski.
He said to go to your anti-virus software provider's home page for your renewals and updates. The same holds true for advertisements. Although most are legitimate ads, it only takes one non-legitimate to completely infect your computer, tablet or even smart phone.
He said Sailors who receive suspicious emails should immediately contact their organizations Information Assurance Manager (IAM) or Information Security Manager (ISM). Do not open and if you're already opened the email, do not click on any files or links. Be especially suspicious of email sent directly to your "Junk" email folder. Most of those emails go to the junk folder for a reason.
In addition, Magdalenksi stated annual Information Assurance on-line training is available on
Navy Knowledge Online (NKO) and
Total Workforce Management Services (TWMS).