Skip to main content
ADOA-ASET Logo
  • Home
  • About
    • Careers
    • Leadership Team
    • Statutes and Rules
    • Meeting Requests
  • Services
    • Current Rates
  • Strategy
    • ACT Recommendations
    • Digital Government
    • Enterprise Architecture
    • Enterprise Project Management Office
    • Strategic Oversight
    • Statewide Strategic IT Plans
  • Governance
    • IT Authorization Committee (ITAC)
    • Chief Information Officer (CIO) Council
    • Change Advisory Board (CAB)
    • Enterprise Security Program Advisory Council (ESPAC)
  • Programs
    • AZNET II - Arizona Network
    • Archived Programs
  • Resources
    • ASET Billing
    • Glossary
    • Policies, Standards and Procedures
    • Security
      • Incident Reporting
    • Cyber Resources - Local/Tribal Governments
    • Service Desk
    • Training
    • Agency Engagement Manager List
  • Home
  • Resources
  • Security

Security

Primary tabs

  • Best Practices
  • Awareness(active tab)
  • Privacy
  • Forms
  • News

In the pre-Internet era, con men, also known as confidence men, would gain victims’ confidence through the use of deception, to defraud them. The same principles are being used today, only now to an even greater efficiency through the use of online scams.  One of the most prolific means for online scamming is phishing.

“Gone Phishing”

When using the email, it is difficult to know, with certainty, with whom you are communicating. Scammers will utilize this uncertainty to pose as legitimate businesses, organizations, or individuals, and gain the trust of users. If a scammer is able to gain the trust of victims, they can leverage this trust to convince victims to willingly give up information or click on malicious links or attachments. To gain users trust, scammers will appear like legitimate businesses or organizations, by spoofing the email address, creating a fake website with legitimate logos and even providing phone numbers to an illegitimate customer service center operated by the scammers. Being aware and observant can help you defend against scammers’ deceptions by being prepared and proactive.

Two Common Types of Phishing Attacks

  • Phishing scams are perhaps one of the best-known forms of email scams. This type of scam involves a scammer pretending to have a fortune that he or she is incapable of accessing without the help of someone trustworthy, which happens to be you! The scammers will try to obtain the user’s financial information using an empty promise of sharing the wealth in exchange for their help.
  • Spear-phishing is a targeted and personalized attack in which a specific organization or an individual is the target.  These attacks will utilize information about the user email addresses, which are similar to those of their acquiantances to entice the users to either divulge sensitive information or download a malicious file.  This often requires a lot of information gathering on the targets and has become one of the favored tricks used in cyber espionage.

Be Aware

When it comes to phishing, the best line of defense is you. If you are aware of potential phishing traps and observant of the telltale signs of a scam, you can better defend against a phishing attack. Here are some easy tips to protect yourself:

  • Be cautious about all communications you receive including those purported to be from "trusted entities" and be careful when clicking links contained within those messages. If in doubt, do not click.
  • Don’t respond to any spam-type e-mails.
  • Don’t send your personal information via email. Legitimate businesses will not ask users to send their sensitive personal information through this means.
  • Don’t input your information in a pop-up; if you are interested in an offer that you see advertised in a pop-up ad, contact the retailer directly through its homepage, retail outlet or other legitimate contact methods.

Be Observant

Scammers rely on their deception to entice users to willingly do what the phisher wants.  Their deception is based upon resembling legitimate sites or trusted sources.  These phishing scams can be very realistic and difficult to identify.

However, there are some telltale signs that may indicate a phishing scam.  By being observant of these, you can help minimize your risk of becoming a victim.  Keep an eye out of these simple telltale signs of a phishing email:

  • The email has poor spelling or grammar.
  • For secure transactions, look for a lock icon in the URL.
  • The use of threats or incredible offers is a common tactic that tries to elicit an emotional response to cloud the user’s judgment.
  • The URL does not match that of the legitimate site. Scammers cannot use the same URL associated with the legitimate websites, so they will tweak the address of their spoofed website so that at a quick glance it looks legitimate.
    • The URL may use a different domain name (e.g., .com vs .net)
    • The URL may use variations of the spelling of the actual address

Be Aware of Attachments

Don’t trust a file based on its extension. There are a variety of tricks to hide the nature of the file. While the simplest solution is not to download a file from an unknown user, below are some additional things you can look for:

  • Be cautious about double file extensions. One way the extension can be hidden is by adding a second extension such as “Evil.pdf.exe” so that is looks like a regular PDF, with the .exe hidden.
  • Be wary of container files, such as.zip files. Any number of files can be packaged inside, including malicious ones!
  • Beware of attached files. Malicious code can also be embedded in commonly emailed files such as .doc and pdf, giving you another reason why you should only open attachments from trusted sources!
  • Do not open executable files. These are files which have a .exe extension.

Lastly, make sure you have an up-to-date anti-virus software program installed.  Enable the feature to scan attachments with the anti-virus program before downloading and saving them to your computer.

Document(s):
  • The Internet's Most Wanted: The Phisherman

Resources

  • ASET Billing
  • Glossary
  • Policies, Standards and Procedures
  • Security
    • Incident Reporting
  • Cyber Resources - Local/Tribal Governments
  • Service Desk
  • Training
  • Agency Engagement Manager List

Daily Tips

When Online, Free Isn't Always Free

There are a lot of free services online these days. You can store pictures "in the cloud,"...

Continue to "When Online, Free Isn't Always Free"

Security Blogs

On Guard Online

Stay Safe Online

AVAST

Microsoft

McAfee

Security Newsletters

PDF icon April 2014

Security Alert Level

Shape of the State of Arizona colored green to represent a low alert level

Low

Green or Low Indicates a low risk.  No unusual activity...

Review definition of "Low"
LinkedIn Twitter YouTube This site (RSS)
Arizona State Seal
Contact Us
ADOA-ASET
100 N. 15th Avenue, Suite 400
Phoenix, AZ 85007
Find in Google Maps
Phone: 602.542.2250
Map Image

Footer Utility

  • Statewide Website Policies
  • Site Map
  • Meeting Requests