Email this Article Email   

CHIPS Articles: Anatomy of a Phishing Scam

Anatomy of a Phishing Scam
By CHIPS Magazine - October-December 2017
Cyber-crime is an insidious threat. Social engineering tactics are more sophisticated, realistic and difficult to spot than ever, according to government agencies — from the Federal Trade Commission — to the FBI. Phishing attacks are one of the most common forms of cyber-crime and they work because users are often distracted and do not adequately question the authenticity of an email or online communications.

Phishing scams involve online communications, such as social media or emails, designed to lure individuals into revealing sensitive information. Following the links or downloading attachments in phishing scams will expose your device to malware, ransomware and the possibility of identity theft.

The Department of Homeland Security describes ransomware as a form of malware that prevents or limits users from accessing their system or select files, unless a ransom is paid to restore access.

National Cybersecurity Awareness Month is the right time to start practicing good cyber hygiene and discontinuing any bad security habits — like blindly clicking on each friend request, following dubious links and opening suspicious-looking emails.

DHS provides the example below for tips on how to spot a phishing scam. Look for common signs such as bad grammar and misspelled words which indicate that the email did not come from a professional organization or a real person you may know. These phishing attempts often convey a sense of urgency that you must act quickly with the threat that a service will be terminated. This is so you don’t have time to think!

These types of emails also improperly use a distortion of an authentic copyright-protected company or government logo or name to make the phishing email look legitimate.

From: Webmail Master Security (
Subject: Urgent Email

Dear Webmail User,

You are required to authenticate your account below to continue sending and receive messages. We strongly advice you to upgrade now to protect your web/Domain and avoid termination. Follow link to verify your email address immediately:

Failure to update might process your account as inactive, and you may experience termination of services or undue errors. Please comply with new server requirements and read through the attached privacy policy.

Wondering why you go this email?

This email was sent automatically during routine security checks. We are trying to protect your account so you can continue using services uninterrupted.

Webmail Master
©2017 Webmail Domain

Be vigilant — if an email looks “phishy” — it most likely is. Validate authenticity by calling the organization or business directly. When in doubt, throw it out, DHS says. You can also report the fraudulent email to your email provider’s IT security department.

Be proactive and protect against malware and data loss by backing up your files and keeping them safe on a physical, external storage device or in the cloud. Make sure all your software is up-to-date and that your firewall is turned on.

If you spot a scam, report it to the Federal Trade Commission at Your reports help the FTC and other law enforcement agencies investigate scams and bring criminals to justice.

For more information and tips to stay safe online throughout the year, visit:

In this infographic the Department of Homeland Security provides examples of phishing scams
In this infographic the Department of Homeland Security provides tips for spotting a phishing scam
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer