Cybersecurity Awareness

Air Force Cyber Security graphic.

Air Force Cyber Security graphic.

Holloman Air Force Base, N.M., --

We lead internet-connected, digital lives. Everything we do in our home and work lives is impacted by technology. Devices that used to be dumb are becoming “smart.” Internet-connected phones, watches, refrigerators, vehicles, heating, ventilation and air conditioning systems make life more convenient. They also put us at risk. The introduction of all of this technology creates vulnerabilities that didn’t exist 20 years ago. This is great news for cyber criminals such as hackers and scammers. Any device that connects to the internet is vulnerable to attack.

“If you use any device that connects to the network, you are putting yourself at risk of being hacked,” said 2nd Lt. Kirk Dial, 49th Communication Squadron plans and resources flight commander. “That means having valuable information taken from you, either sentimental or financial. Hackers and scammers do not care who you are. Leaders such as CEOs, CFOs, any individual with a public presence, as well as the older generation are vulnerable. Leaders tend to be targeted because they have more knowledge and influence. The older generation are targeted because they didn’t grow up with a smartphone in their hands and are generally less tech-savvy.”

 

Cyber criminals are getting clever and finding new ways to exploit unsuspecting victims using various tactics. The promise of receiving fast cash in exchange for personal information over popular social media sites like Facebook, Instagram and Twitter are causing major problems for service members.

“Phishing” is an email scam that tricks victims into revealing personal or private information, including Social Security numbers, bank account numbers or passwords.

One of the nation's longest-running scams is known as foreign government letter scams, these "fund transfer" frauds reach intended victims by e-mail. The sender, who claims to be a government official or member of a royal family, requests assistance in transferring millions of dollars of excess money out of his or her country and promises to pay the person for his or her help. The message is always of an “urgent, private” nature.

Phishing scams have continued to evolve, keeping up with progressing technology. Typically, phishing attacks use emails or malicious websites with familiar logos, like Citibank or PayPal, to infect your machine. The websites are replicas and once users log on they are often urged to “confirm” their information. When users respond with the information or click on a link, attackers use it to access their accounts.

To protect themselves, internet users need to recognize the e-mail as a scam. Some common indicators are listed below:

- The e-mail asks for personal information. Legitimate businesses do not request such information through e-mails.

- The e-mail does not address the recipient by name.

- The e-mail does not reference a partial account number.

- The e-mail warns that accounts will be closed unless the user reconfirms his or her information immediately.

- The e-mail warns the user he or she has been the victim of fraud.

- The e-mail contains spelling or grammatical errors.

Some ways to protect personal information include:

- Contacting the business and verifying the message is genuine.

- Adopting a general rule not to send personal information over the Internet unless the user made contact first.

- Contacting legitimate businesses that are being victimized to put them on alert.

- Follow the READ methodology: Is the email/notification Relevant, Expected, Addressed properly, Digitally signed.

- Set up Two Factor Authentication (2FA) on your email accounts. Simply do an internet search and directions should be some of the first results. (E.g. if you have Hotmail, search “2FA Hotmail”)

Never do the following:

- Have the website or your computer save your passwords.

- Have simple passwords such as “password” or names of family or pets. Instead use a combination of uppercase, lowercase, numbers and symbols in your password (e.g. 2wsx#EDC)

If you believe you have been the recipient of a phishing attempt at work, open the Virtual Enterprise Service Desk (vESD) icon located on your desktop. Click on “Cyber Threat” and follow all directions. If you’ve received a phishing attempt in your personal email, change your passwords and your pins and notify the proper personnel. For example, if you received a phishing attempt that appeared to be from Citibank, report the attempt to Citibank.

“Although there are many actions to heighten security, there is no such thing as a 100% secure network.  Cybersecurity is a shared responsibility in which all Airmen have a role to play,” Dial said.