Military members target of bank phising scam

  • Published
  • By Air Force Network Operations Center
  • Intelligence and Reconnaissance Division
WRIGHT-PATTERSON AFB, Ohio --  The Air Force Network Operations Center, Intelligence and Reconnaissance Division (AFNOC-IRD) has recently identified new attempts at targeting military members with military-affiliated bank phishing scams. Mass email spamming is the fastest growing email scam known as "phishing". 

Currently, phishing scammers or phishers are actively targeting US military personnel and associated banks in an attempt to trick them into providing personal and financial information to a fraudulent website. This information is then used to access victims' accounts to make illegal transactions, or to steal identities and start new credit accounts elsewhere. The only way to avoid this activity is not to respond to emails or telephone calls that are requesting personal financial information and to report the event immediately. Financial institutions, utility companies, and retailers will not contact customers via email or telephone to request personal financial information. 

Phishing in the computing world is short for "password harvesting fishing", which is a way of getting sensitive information (passwords, accounts, personal information, etc.) from victims while posing as a trustworthy entity needing this sensitive information.

The phrase was coined in the mid nineties by crackers attempting to steal AOL accounts for fictitious use. However, today phishing has moved towards a more profitable scam. Phishers are targeting online banking institutions such as Citibank, USAA, and Bank of America as well as auction houses such as eBay. Phishing scams send spam email to many people hoping that 3 - 5% of them respond. These fraudulent emails tend to resemble the targeted organization's logos and colors to make people believe they are legitimate. A variety of methods are used to trick recipients into clicking on links provided, leading them to fraudulent websites cleverly designed to mimic the legitimate websites of targeted organizations.

Once at the fraudulent site, victims will be prompted to input personal information such as social security numbers, account numbers, pins, and passwords. Once this information is obtained, phishers can then make charges against accounts, withdraw funds from bank accounts, or make purchases at online auctions.

The Federal Trade Commission's No. 1 tip for avoiding these rip-offs: "DON'T provide any personal financial information via email. (Banks and other companies frequently remind customers that they don't ever ask for sensitive financial data via email.)"

- Use the following measures to help protect yourself from fraudulent activity:

- Be extremely suspicious of any email with a request for personal financial information.
- Do not fill out forms in email messages that ask for personal financial information. 

- Do not use the links in emails to get to websites if you suspect that it is not authentic.

- Do not give your credit card numbers or account information unless using a secure website or telephone, and only after you have initiated the contact.

- Beware of email attachments and embedded web links.

- Check your bank and credit card statements online regularly looking for fraudulent activity.

- Use anti-virus software and keep it up to date.

- Keep your operating systems software up to date.

- Consider installing a web browser tool bar to help protect you from known phishing fraud websites.

Report all phishing scams by sending a copy of the email to spam@uce.gov (Federal Trade Commission), reportphishing@antiphishing.org (Anti-Phishing Working Group) and abuse@ the site being spoofed (e.g. abuse@ebay.com). If a suspicious phishing email is received on an Air Force email account, it can also be forwarded to the Information Assurance office at the local base communication center. This will allow the hosting IP of the fraudulent website to be blocked so that no Air Force member can respond with their personal information.