Frequently asked questions about phishing

• Who sends phishing messages?
• What if the return address on the e-mail looks legitimate?
• How did they get my e-mail address?
• What is Alaska USA doing to stop this?
• What can I do to protect my accounts?
• Who is vulnerable to phishing?
• Is it safe to use UltraBranch?

Who sends phishing messages?

Fraudulent messages are sent by individuals who are attempting to steal personal financial information, such as credit card numbers, social security numbers, and passwords. These scams can be run from anywhere in the world and typically involve exploiting an unsecured mail or web server.

How do I know a message is not legitimate?

There are usually a number of visual clues you can use to spot a fraudulent mail message.

• Look for misspellings and other typographical anomalies ... although this clue is less common now that crooks have gotten more sophisticated.
• Before you log in to any secure site, check to make sure the Lock or Key icon is displayed in your browser. These symbols indicate that the page you are using will encrypt data sent from your computer. Most spoofed web sites are located on servers that do not display this icon (although some are now getting tricky and hoping to fool you by incorporating the lock or key imagery into the web page itself).
• Confirm the web address (URL) in the location bar of your browser before entering personal information. It should begin with "https".

What if the return address on the e-mail looks legitimate?

The return address on phishing messages is "spoofed," or made to appear as an address different than the sender's actual address. Never rely on the return address to identify the sender, even if it seems like the message came from a trusted source.

Remember, Alaska USA will never call or e-mail you to ask for account information. (If you call Alaska USA, you will be asked questions to verify your identity).

How did they get my e-mail address?

In most cases the crooks don't know your e-mail address, where you bank or where you live. Here's how it works:

• Scammers locate an unprotected mail server and send fraudulent messages to every address on the compromised server.
• Scammers obtain a list of e-mail addresses and mail their phishing attack to all addresses on the list.
• Computer viruses can also cause messages to be sent from an infected machine without the owner's knowledge.

What is Alaska USA doing to stop this?

Alaska USA has developed systems to detect these frauds as they occur, and then work through the authorities to shut the sites down. In addition, Alaska USA has posted fraud notices on its home page and has added extensive information to its web site to inform and educate members about this and other types of online fraud. The more savvy consumers are about fraud, the better they can protect their accounts.

What can I do to protect my accounts?

• The most important step is to never follow a link in an e-mail message. Assume all e-mail messages that ask you to click a link and input personal information are fraudulent until proven otherwise.
• As a further precaution, you should always be skeptical of any unexpected e-mail message that encourages you to take quick action. Phishing messages often encourage urgent action, either to avoid some inconvenience or negative consequence, or to gain something with a limited time offer.
• Read more in the "ID theft" info sheet and on the Alaska USA anti-fraud web page.

Who is vulnerable to phishing?

Many people can be deceived by this form of fraud. Phishing attacks can be particularly effective against people who are unfamiliar or uncomfortable with computer technology. Like many traditional cons, phishing victims "drop their guard" because of some combination of confusion, panic or the promise of an easy reward.

Help your family and friends avoid the dangers of phishing by spreading the word. Talk to the elderly who may be uncomfortable with computer technology, as well as anyone who is new to computers or perhaps too trusting for their own good.

Is it safe to use UltraBranch?

Absolutely. In fact, recent studies suggest that consumers who use online account access are more likely to spot suspicious transactions on their accounts. Remember, phishing attacks don't make UltraBranch unsafe. Their goal is to make you think that you are using UltraBranch when you are actually not, tricking you into giving away your personal information.

A range of security measures on the Alaska USA network and UltraBranch servers combine to make your communication sessions secure. There are certain steps that you can take to protect your account as well.

• Access UltraBranch only by carefully typing the web site address into your browser or using a trusted bookmark. Ultrabranch is accessible from the Alaska USA home page.
• Use a current web browser, and keep your computer and browser up-to-date with the latest security patches.
• Make sure you have up-to-date anti-virus and spyware detection software installed and properly configured on your computer.
• If your operating system includes firewall software, make sure it is active. Consider an inexpensive firewall device, especially if your computer is always connected to the Internet, as is the case with most cable, DSL, or other broadband connections.
• Choose a strong Personal Access Code (PAC) for UltraBranch. Don't share your PAC with others, and don't write it down where others can find it.
• When you complete your UltraBranch session, always click on the "Log Out" button to terminate your connection with the UltraBranch server.