USPS tightens online security after fraudsters steal employees’ paychecks


The Postal Service is tightening its online security measures in response to fraudsters targeting the financial information of USPS employees.

USPS, in a memo to its workforce on Tuesday, warned that cyber criminals are targeting USPS employees by creating fake websites that closely resemble LiteBlue, the agency’s online employee portal.

Postal unions are warning members that fraudsters are using these spoofed websites to obtain USPS employees’ login credentials and reroute direct-deposit paychecks to their own bank accounts.

LiteBlue allows employees to access their paycheck information, their Federal Employee Health Benefits (FEHB) and their Thrift Savings Plan, and to contact USPS human resources.

USPS told employees in this week’s memo that it moved LiteBlue to multi-factor authentication (MFA) on Jan. 15.

USPS will require employees logging into LiteBlue to reset their password, confirm the last four digits of their Social Security number, and set up their multi-factor authentication preferences.

Once MFA is enabled, USPS will require employees to enter an MFA code before accessing their online accounts.

USPS said in a statement that it’s “persevering with to take precautionary measures to forestall additional unauthorized exercise.” The agency said it has notified affected employees and is purchasing a one-year credit monitoring service for them.

USPS said that LiteBlue and PostalEASE, the self-service application reached through LiteBlue for employment-related services, have not been compromised.

According to USPS, its Office of Inspector General notified the Postal Inspection Service and USPS Corporate Information Security Office about “uncommon log-in exercise involving a restricted variety of workers’ accounts throughout the Postal Service’s PostalEASE system.”

“A restricted variety of workers have reported uncommon account exercise involving their PostalEASE accounts, which has been attributed to their prior interplay with the faux LiteBlue web sites,” the agency said.

The American Postal Workers Union on Friday stated the union is “persevering with to advocate for members who’ve had their wages stolen within the current online fraud assault on USPS techniques.”

“Management has supplied an replace in regards to the implementation of MFA to log into LiteBlue after cyber criminals gained entry to delicate worker information utilizing faux web sites that intently resembled LiteBlue,” APWU wrote. “The fraudsters used this info to make modifications to net-to-bank and allotment accounts to divert and steal direct deposit funds.”

Fraudsters appear to have been targeting USPS employees for about a month, at least.

The National Association of Letter Carriers, in a Dec. 21 post on its website, said USPS had confirmed some employees unknowingly provided their usernames and passwords to criminal websites while attempting to access PostalEASE.

NALC said that roughly 119 USPS employees tried to access PostalEASE through a Google search, instead of entering the web address directly into their browser.

“Google’s routers redirected their searches to third-party criminally run web sites that mirror the look and entry of PostalEASE. Unfortunately, their logon credentials have been hacked, and a few accounts have been compromised,” NALC wrote.

NALC is asking its members whose credentials have been compromised to notify the union on its website, so that NALC can report the scope of the problem to USPS.

“Specific banking business requirements require monetary establishments to supply reduction in sure conditions. However, a number of third-party web sites have been prison scams, and certain, a number of the misplaced monies won’t be returned. USPS doesn’t have the overall greenback loss presently obtainable. USPS states legal responsibility for the hacking, checking account breaches and misplaced monies stays with Google,” NALC wrote.

An earlier USPS memo dated Dec. 30, 2022, also warned employees about a fraud scheme by cyber criminals using a fake version of the LiteBlue website.

“When you try to log in to a faux website, scammers acquire your username and password. Scammers can report this info and use it to enter PostalEASE,” the memo states. “There, scammers could entry your delicate information, which they will manipulate for monetary achieve.”

USPS said in the memo that its direct deposit Net to Bank and Allotment functionalities have been disabled online in the PostalEASE application.

The Dec. 30 memo additionally stated USPS had quickly suspended exterior entry to PostalEASE by way of private laptop “till additional discover.”

USPS employees during this period could still cancel allotments, or enable or change their direct deposit settings, over the phone by calling the USPS Human Resources Shared Service Center (877-477-3273).

The agency said employees who make these changes over the phone must have their employee identification number (EIN) and personal identification number (PIN).