"Phishing" for information

  • By Tim Rose, 5th Bomb Wing Information Protection
  • 5th Bomb Wing Security Countermeasures and 5th Communications Squadron Information Assurance
We live in an age of electronic media. It makes our lives easier, lets us do more with less, and gives us "real time" updates on anything from weather alerts and news events to threat information.

Unfortunately, our adversaries also live in this same electronic age. They try to collect information on our capabilities, deny us access to our systems and disrupt our operations.

Recently we have experienced an increase in hoax and phishing e-mails. Anyone who doesn't know these terms needs to learn them. "Phishing" is pronounced "fishing": the senders are "fishing" for information on our people, our systems, our operations or all three.

Hoax e-mails, or chain e-mails, may be sent by an innocent party as a joke. However, they are more commonly an attempt by our adversaries to disrupt our systems. Both hoax and phishing e-mails may seem to be from official government agencies, banks, creditors, etc., and often include an attached program or web link.

NEVER open a program or link in an e-mail that is not digitally signed unless it is from a known, reliable source. There is a strong possibility it is an attempt to steal personal data (passwords, logons, credit information, etc.) or an adversary trying to bypass our security and get access to our network through an individual user's computer.

So, how does one spot these types of e-mails? Well, several signs to look for include:
1. Not having required markings such as For Official Use Only or FOUO
2. Misspellings or other unusual administrative errors
3. The web-link going to a non-government site (".org" or ".com" instead of ".mil" or ".gov")
4. An e-mail sending the user to an http address instead of an https (secure) web address
5. ANY request for personal information such as SSAN, home address, phone number, computer log-on, password, etc., BEFORE logging on to a website. An official web site will already have this information and should only be asking to confirm it.
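
The signs above, together with the digital-signature rule, can be checked mechanically. The following is an added example, not part of the original article: the function names and the sample message are constructed for illustration. It only looks at whether the message has the structure of an S/MIME signed e-mail (the mail client still has to verify the signature), and it does not attempt the misspelling check.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message for illustration; not a real e-mail.
SAMPLE = """\
From: "Account Services" <alerts@example.com>
Subject: Acount verification required
Content-Type: text/plain

Your account will be suspended. Enter your password and SSAN at
http://accounts.example.com/verify before logging on.
"""
PERSONAL = re.compile(r"\b(ssan|social security|password|log-?on|home address)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
MARKING = re.compile(r"for official use only|\bFOUO\b", re.I)

def looks_signed(msg):
    """True if the message is structured as S/MIME signed mail (not a validity check)."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            return True
        if ctype.endswith("pkcs7-mime") and part.get_param("smime-type") == "signed-data":
            return True
    return False

def body_text(msg):
    """Join every text/* part of the message into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def warning_signs(raw_message):
    """Return the article's warning signs that apply to one raw e-mail."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    signs = [] if looks_signed(msg) else ["not digitally signed"]
    if not MARKING.search(msg.get("Subject", "") + "\n" + text):
        signs.append("no FOUO marking")
    for url in URL.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if not host.endswith((".mil", ".gov")):
            signs.append("non-government link: " + host)
        if parsed.scheme.lower() == "http":
            signs.append("http instead of https: " + host)
    if PERSONAL.search(text):
        signs.append("asks for personal information")
    return signs
```

Calling `warning_signs(SAMPLE)` returns every sign the constructed message triggers; an empty list means none of the automated checks fired, not that the e-mail is safe.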

Okay, so what should someone do if they get one of these e-mails?

Here are some quick actions to take:
1. NEVER open a program or web-link if the e-mail is not digitally signed--even if it is ".gov/.mil"
· No digital signature may mean it was sent by a virus or is a phishing attempt
· Currently virus hackers cannot spoof a digital signature
2. DO NOT forward hoax or phishing e-mails to others.
3. Delete the e-mail. If a user gets it more than once contact the 5th Communications Squadron Communications Focal Point at 723-4357 and report the e-mail.
4. If one opened an attachment or went to a site and feels it is not legitimate, contact the CFP and seek immediate assistance.
5. If the user is unsure about an e-mail they received, they should contact their unit security manager or the CFP for more assistance...remember, it is better to ask first in these cases.

For more information on this topic, contact a unit security manager or the wing Information Assurance Office at 723-1301.
