Spoofed websites may hide malware

Published Sept. 1, 2011
By Airman 1st Class Saphfire D. Cook
355th Fighter Wing Public Affairs

DAVIS-MONTHAN AIR FORCE BASE, Ariz. -- That military website you just logged onto may not be as secure as you think. Web pages containing malware are posing as government websites, and Airmen using search engines to locate official Department of Defense pages have reported spoofed, or illegitimate, websites among the results.

"Put simply, a spoof site is an imposter website made to look like a reputable site," said Senior Airman Ryan Brock, 355th Communications Squadron cyber security administrator.

The main concern with accessing these spoofed sites is Airmen entering passwords. The malware can use these passwords to access the legitimate sites and expose them to multiple threats.

"You can lose your money, your online personality, your credit and your real life identity," Airman Brock said. "Even your criminal record can be affected by unknowingly visiting a spoof site."

When selecting a link, users should verify the actual web address which can usually be found underneath the heading of the search result. Legitimate DoD sites normally end in ".gov" or ".mil".

"Go to your sites through Google and verify that they are the real sites," Airman Brock said.
"If you can use the https version of your sites do it. Try https://www.facebook.com; it's the same but reduces your chances of being phished."

Please submit all questions and concerns to the 624th Operations Center, Air Force Cyber Operations DSN 969-0624 or COMM 210-395 0624, or afcyberops.center@us.af.mil