New phishing scam targets military users, DFAS warns
- By Kevin McCaney
- Apr 16, 2012
A new phishing campaign is targeting military service members,
retirees and civilian employees receiving disability compensation, the
Defense Finance and Accounting Service warns.
The e-mail scam dangles the prospect of additional disability
compensation in an effort to get recipients to give up their personal
information, according to a post on DFAS' website, which urged anyone receiving such an e-mail not to respond to it.
The e-mails, which appear to come from a DFAS employee, display a
spoofed .mil e-mail address and say that recipients of disability
compensation from the Veterans Affairs Department could also be
eligible to get money from the IRS, DFAS said. The phishing scam asks
recipients to submit their VA award letters, income tax returns, 1099-R
forms and other documents to a supposed retired colonel in Florida.
“Do NOT follow the suggestions in the e-mail,” DFAS warns, “because
you will be providing a significant amount of your personal information
to a complete stranger, which could result in a financial loss to you.”
Phishing campaigns of this type — offering money if you just give up
your personal information — are fairly common around tax time, and
phishing scams of all kinds are increasingly common in government
circles, whether the goal is to compromise individuals’ financial
information or to attack enterprises.
The U.S. Computer Emergency Readiness Team recently reported that
phishing was the most common type of attack against government
networks, accounting for 51.2 percent of attacks.
Scams can range from mass e-mailings to narrower targets, such as
military recipients of disability payments, to specific individuals
whose e-mail address and other information may have been taken in a
In February, intelligence analysis company Strategic Forecasting warned its government customers about
a spear-phishing campaign that appeared to come from the company. The
phishers were targeting account-holders whose information was taken in
a hack by the group Anonymous, which then posted the information
online. The Army also had warned Army Knowledge Online users about
potential identity theft as a result of the hack.
The DFAS scam is another example of what government users and other
individuals need to be on guard for. It’s worth remembering that the
IRS and many other agencies never send people e-mails, especially not
e-mails offering to give away money.
And people should always beware of any e-mail asking them to go to a link and submit personal information.
Also, phishers are getting better at spoofing e-mail
and Web addresses, so it’s wise to avoid clicking on any link you’re
not sure of. Hovering your mouse over a link will often, but not
always, reveal whether a link is spoofed. When in doubt, security
experts say, typing the address in manually, rather than clicking the
link, can help you avoid being taken to a malicious site.
Kevin McCaney is a former editor of Defense Systems and GCN.