By Vicky Falcón
NAVAIR Public Affairs

Computer internet scammers have baited their lines and are waiting eagerly for unsuspecting consumers to be enticed into divulging personal data. The lure of choice for scammers these days is an e-mail mimicking a well-known financial institution or business.

“Phishing” is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Recent victims include Charlotte's Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites.

According to Darryl Allen, Deputy, NAVAIR Deputy Chief Information Officer for Information Assurance, more and more of these scams are being reported on government e-mail accounts.

“These scam e-mails are sending consumers to fraudulent Web sites that are disguised to look and feel legitimate,” said Allen. “Once an individual accesses the site, they can be falsely led to divulge personal data – which can lead to identity or account theft.”

According to Allen, the concern for NAVAIR is that a respondent on a government unclassified network might compromise the security of that network.

“There are serious security implications with this scam,” said Allen. “Because a fake address bar (used as part of the fraudulent Web page) remains installed even after a user leaves the phisher’s site, there is a possibility that a phisher could use the technique to secretly track every Web site that is visited.”

Or even worse, he added, a phisher could potentially see, until closed, everything that is sent or received through the Web browser.

So how can you avoid getting caught? It’s simple. Do not enter any personal or sensitive information on a Web site you don’t trust. And do not follow e-mail or Web links that offer drivers, software updates or downloads.

“Anyone who receives such e-mail should delete it,” said Allen. “Do not respond to it, and do not forward it to anyone else.”

For a copy of the recent U.S. Naval Criminal Investigative Service Special Analytic Report regarding computer phishing scams, send an e-mail to PAX AD [email protected].