FORT GEORGE G. MEADE, Md. (AFRNS) â€” Defense Finance and Accounting Service official recently released a statement warning of email scams targeting military members, military retirees and civilian employees.
According to the statement, the most recent email scam indicates that individuals who are receiving disability compensation from the Department of Veterans Affairs may be able to obtain additional funds from the Internal Revenue Service, but only if they send copies of their income tax information.
Scammers have been known to â€œspoofâ€ DFAS email addresses. Spoofing is a technique designed to extract personal information from individuals for fraudulent use by masquerading as legitimate officials.
â€œThey (Scammers) manage to find a way to appear legitimate when theyâ€™re not,â€ said Edward Peace, the senior cyberwarfare instructor for the 39th Information Operations Squadron at Hurlburt Field, Fla. â€œIn some cases, addresses look similar to legitimate sources, but in other cases if you inspect just a little bit deeper, looking at where the email came from, you would be tipped off right way. But most people donâ€™t look at it; they just look at the content, assume itâ€™s legitimate and they go from there.â€
To fool people, Peace said, the scam artist may create a server so the URL is close to a legitimate site, for example using .mic instead of .mil at the end of the web address. People can avoid these scams by closely reading the address from where the email was sent.
Though these scam artists have found ways to spoof the DFAS email address, this does not mean customer accounts have been compromised.
â€œWe have not had an incident threaten our security or the accounts of our customers,â€ said Steve Burghardt, a DFAS media relations officer. â€œWe are always on the lookout. And weâ€™re taking steps to educate folks.â€
With that, DFAS officials are developing pages on their website to highlight their official email policy, examples of scam emails and law enforcement agencies that can initiate an investigation.
DFAS officials are also trying to make this information readily available via myPay, Burghardt said.
â€œThatâ€™s our biggest concern,â€ he said. â€œAs long as you keep your login credentials private, your account is pretty much assured a fairly decent amount of security. But if you allow your personal information to be compromised, scammers can use your information to get new credentials … I can always impersonate you and say, â€˜I lost my login credentials, get me a new one.â€™â€
Besides getting their personal information stolen, people can also fall victim to computer attacks by even opening these emails.
For example, if there are HTML attachments or links in the email, they can drop malware on the computer, usually a Trojan horse, Peace said. If this happens, the Trojan can begin loading more malware on the computer or turn the computer into part of a botnet. In this scenario, oneâ€™s computer is taken over by a hacker, made part of a larger network and used mostly for nefarious purposes.
In order to avoid falling victim to these computer viruses and malware, people using commercial email accounts should immediately erase scam emails, Peace said. Service members who receive these types of email on their .mil accounts should immediately notify their network administrator.