I lost $200 to an email

DOVER AIR FORCE BASE, Del. – Tommy logs on to his computer to check his email, and this pops up: 

He clicks the attachment to verify the suspicious movements, and things seem to “resolve” themselves.

A week later, Tommy discovers someone spent $200 on his Amazon account. Coincidence?

This is an excellent example of a phishing scam, in which a malicious attacker attempts to gain access to your personal information by tricking you into thinking a message is from a legitimate sender. In this scenario, someone may be inclined to verify the record to see if money has been moved, thereby giving up their email and any information that may be linked to it. A few ways you can verify an email is fraudulent is by:
• The “From:” email address does not match the company it comes from.
• Almost all big companies will not send you the record via email without you knowing about it first. You will also get a phone call from an institution when something like this occurs.
• If you don’t think you can verify an email is authentic, DO NOT click any hyperlinks.

The security risk here is that most people have their passwords linked to their email addresses. In many cases, users do not change their passwords from site to site. A malicious actor who obtains your email and password also acquires access to your logon information for many other accounts. On many sites, you also have your debit or credit card information linked to it. So from one email, an attacker can easily access your email, password and financial information.

Also, in many phishing attempts, emails contain malware that can infect a computer to grant an attacker unauthorized access to your computer or allow theft of personal information stored inside your computer. Things such as files, images, videos, banking information, medical records or passwords are all at risk of being taken and used against you.

If you want to prevent situations like this from happening, be sure to:
• Be aware of scam/phishing attempts.
• Change/use complex passwords on every site.
• Update your devices regularly.
• Install anti-virus/anti-malware programs.
• Never send personally identifiable information unsecured over email.
• Do not save personal information in an unsecured/unencrypted file on your computer.
• Restart your device at the end of every day!

We at the 436th Communications Squadron hope everyone practices good information protection habits. Be aware that attempts like this can happen to anyone. Ensure you are blocking spam and using strong passwords, so that you don’t end up like Tommy!