An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Spear-phishing for your information

  • Published
  • By Mr. Daniel Sheridan
  • 844th Communications Group/SCOS
Air Force District of Washington --  Phishers are actively trying to steal your personal and financial information and gain access to a network enterprise. A recent exercise led by the 844th CG showed that some AFDW employees are unaware of these types of threats.

Some of you reading this article responded to recent Phishing Exercise e-mails from the 844th CG. By reviewing and practicing information security procedures, no one should fall prey to phishing scams.

The purpose of these exercises is to raise user awareness of teh threat p[osed by phishing while increasing knowledge of current policies, and increase our network enterprise protect capability. All AFDW employees must take steps to protect themselves and the network.

There are two commonly used types of phishing scams; e-mail fraud and spear-phishing.

Phishing is an e-mail fraud scam conducted for the purposes of gathering information that can be used for identity theft or to access a computer network.

Spear-phishing is an e-mail spoofing fraud attempt that targets a specific organization and/or person, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source.

What can you do to decrease AFNCR network vulnerabilities? Below are a few tips that will help you do that.

Know the Threat:
Bad Actors (i.e. Cyber Criminals) are using spear-phishing techniques that could specifically target you through your official and personal e-mail. Spear-phishing tactics include, but are not limited to, targeting specific organizations/individuals, appearing to be originating from someone of authority, utilizing enticing subject lines, and containing seemingly personal information that is in fact public knowledge.

Obey the Air Force Instructions and other Communication Policies:
The rules were made for a reason. Additionally, do not use your work e-mail for use other than official business. Use your personal e-mail for socializing, banking, and other unofficial related business.

Be Paranoid:
It's not an empty or made up threat that cyber criminals are actively targeting US government officials, so being cautious is a good thing. Question e-mails; where did the e-mail come from, do you know the sender, were you expecting the e-mail, was the e-mail digitally signed if it had embedded URLs or attachments? If you get unusual or unexpected e-mail requesting information, confirm its validity offline. If you receive a suspicious e-mail, call the AFNCR Help Desk, at (703) 695-6880, or just delete it. Do not open attachments or click on URLs if the e-mail is suspicious.

The 844 CG/SCOS periodically conducts "Phishing Training", for more information on "Phishing Training" and events calendar for the next scheduled training click here. Or you can complete the web-based training offered by DISA

Don't become a phishing victim and compromise your personal information or the AFNCR network.