United Airlines AFA MEC Website

Association of Flight Attendants-CWA United Master Executive Council

What Is "Phishing?"

Date: May 19, 2017
Type: AFA Article

What Is "Phishing?"

Phishing is a technique used by hackers to mimic an associate or a familiar company, intending to deceive and access their victim's personal financial data.  Using email, phony internet sites, or phone solicitation, a scammer may direct an unsuspecting person to follow a sequence of instructions, such as clicking on links in emails that lead to fraudulent websites.  

Cyber-Thieves have perfected their craft.  They can be very persuasive, having already convinced millions around the world of their authenticity.  Please use your best judgment and heed these warnings!  Don't open any suspicious emails, click dubious links, nor open any attachments unless they are from a trusted source.  Always keep your software is up-to-date, and be advised that Microsoft is offering a free "patch" for download, that will protect your system from the Ransomware known as "WannaCry."

How does it spread?

The recent malware unleashed upon the net, targeted individuals and companies with Windows PCs.  Ransomware spreads by hiding within Word documents, PDFs and other files normally sent via email, or by finding a back door into a computer system. 

Here's An Example of a Popular Scam:  

You receive an e-mail that appears to come from your bank.  It instructs you to update your account information and provides a link to the bank's website.  However, the link sends you to a phony website set up to look like your bank's site, for the sole purpose of stealing your banking information, or installing malware on your system.

What is "Spear Phishing?"

Spear Phishing is a technique used that strikes an individual within an organization. The following is an example of Spear Phishing:

Typically exploiting someone who accesses the entire network of an organization's computers, Spear Phishing involves fabricating an email, which looks as if it was generated by someone within the offices, and sending it to the targeted person.  It may direct the person to update a password, supply personal information, or open an attachment with "time-sensitive" materials.  The Scammer may then be able to install malware on the user's computer that may, in turn, infect every computer with which that individual corresponds. An entire company could be held hostage to a blackmailer's demands if the blackmailer successfully locks the Company, the Police Station, the City Municipal Offices or the Hospital out of it's own files! 

Strong Indicators a Phishing Attempt may be in Progress

Emails containing generic greetings

Phishing emails often include generic greetings, such as “Hello Bank One Customer” rather than using the recipient’s full name.  This is an obvious tell for "Bundled Phishing Attacks" launched in bulk, contrasted by Spear Phishing attacks that are typically more personalized.

Emails requesting personal information

Legitimate businesses usually never email customers, asking them to enter login credentials or other sensitive information to enter a website. This is a safety measure to help protect consumers and help customers distinguish between fraudulent emails from legitimate ones. 

Emails requesting an urgent response

Most phishing emails try to create a sense of urgency, causing recipients to act without thinking, out of fear they will put themselves at risk of losing their account or will lose access to important information if they don’t act immediately.

Emails with spoofed links

Does a hyperlink in the message body lead to the page it claims to? Never click on the linksto find out; instead, hover over the link to verify its authenticity. Look for URLs beginning with HTTPS. The “S” indicates the site uses encryption to protect users’ page requests.

When in doubt, call.

If the content of an email troubles you, call the company in question to find out if the email is legitimate. If not, the company is now aware and can take action to warn their other customers of potential phishing attempts appearing to come from them.

Remember, as an added step of protection, always keep your software up-to-date, be advised that Microsoft is offering a free "patch" for download, that will protect your windows system from the Ransomware / WannaCry.  

All news stories

top of page