USPS tightens online security after fraudsters steal employee paychecks


The Postal Service is stepping up its online security measures in response to scammers targeting USPS employees’ financial information.

In a notice to the USPS workforce Tuesday, the agency said cybercriminals are targeting USPS employees by creating fake websites that closely resemble LiteBlue, the agency’s online employee portal.


Postal unions warn members that scammers use these fake websites to obtain USPS employee login information and direct deposit paychecks into their bank accounts.

LiteBlue allows employees to access payroll information, Federal Employees Health Benefits (FEHB) and their Thrift Savings Plan, and to contact USPS human resources.

The USPS told employees in a memo this week that it switched LiteBlue to multi-factor authentication (MFA) on January 15.

USPS will require employees logging into LiteBlue to reset their passwords, verify the last four digits of their Social Security numbers, and set their multi-factor authentication options.

Once MFA is activated, employees will have to enter their MFA code before accessing their online account.

In a statement, the USPS said it “continues to take precautions to prevent further unauthorized activity.” The agency said it notified affected employees and purchased a year’s credit monitoring service for them.

The USPS said LiteBlue and PostalEASE, a self-service application available through LiteBlue for employment-related services, were not compromised.

According to the USPS, its Office of Inspector General notified the Postal Inspection Service and the USPS Corporate Information Security Office of “unusual login activity involving a limited number of employee accounts within the Postal Service’s PostalEASE system.”

“A limited number of employees have reported unusual account activity related to their PostalEASE accounts, which has been attributed to their prior interactions with fraudulent LiteBlue websites,” the agency said.

On Friday, the American Postal Workers Union said the union “continues to defend members whose wages were stolen in the recent online fraud attack on USPS systems.”

“Management provided an update on MFA enforcement to access LiteBlue after cybercriminals gained access to sensitive employee information using fake websites closely resembling LiteBlue,” APWU wrote. “Fraudsters used this information to make changes to bank and share accounts from the network to divert and steal direct deposit funds.”

Scammers have apparently been targeting USPS employees for at least a month.

The National Association of Letter Carriers (NALC) said in a Dec. 21 post on its website that the USPS has confirmed that some employees unknowingly submitted their usernames and passwords to criminal websites when they tried to access PostalEASE.

NALC said about 119 USPS employees tried to access PostalEASE through a Google search instead of entering the web address directly into their browser.

“Google’s routers redirected their searches to third-party criminally operated websites that mirror PostalEASE’s appearance and access. Unfortunately, their login credentials were compromised and some accounts were stolen,” NALC wrote.
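The common thread in the incidents above is a lookalike site that carries the portal's name under a domain the agency does not own. The following triage check is an added example for this article, not USPS or union code: it classifies a URL an employee reports to a help desk as legitimate, suspicious or unknown by comparing its hostname against an allowlist, flagging internationalized (homoglyph) labels, brand strings under a foreign registrable domain, and near-misspellings. It assumes the genuine portal host is liteblue.usps.gov (the article names only "LiteBlue" and "PostalEASE"), and every sample URL in it is constructed for the example.

```python
"""
Lookalike-domain triage for URLs reported by employees.

Added illustration for this article; not USPS or union code. It assumes the
genuine portal host is liteblue.usps.gov (an assumption; the article only
names "LiteBlue" and "PostalEASE"). All sample URLs below are constructed
for the example and are not real sites.
"""
from urllib.parse import urlsplit

# Assumption: allowlist of genuine portal hostnames.
LEGIT_HOSTS = {"liteblue.usps.gov"}
# Brand strings named in the article that a lookalike site would want to carry.
BRAND_TOKENS = ("liteblue", "postalease", "usps")
# Registrable domain the genuine hosts sit under (assumption).
LEGIT_APEX = "usps.gov"


def host_of(url: str) -> str:
    """Extract the lowercase hostname from a URL or a bare hostname."""
    if "://" not in url:
        url = "https://" + url          # urlsplit only finds the netloc after a scheme
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is legitimate, suspicious or unknown."""
    host = host_of(url)
    if host in LEGIT_HOSTS:
        return "legitimate", "exact allowlist match"
    labels = host.split(".")
    # The genuine host is plain ASCII, so a non-ASCII or punycode label is a
    # classic homoglyph trick and always warrants review.
    if any(ord(c) > 127 for c in host) or any(lab.startswith("xn--") for lab in labels):
        return "suspicious", "internationalized label in hostname (possible homoglyph)"
    # Naive registrable domain: last two labels. Adequate for .gov/.com/.net here.
    apex = ".".join(labels[-2:]) if len(labels) >= 2 else host
    # A brand string carried under a domain the agency does not own.
    if apex != LEGIT_APEX and any(tok in host for tok in BRAND_TOKENS):
        return "suspicious", f"brand token under foreign domain {apex}"
    # A close misspelling of a genuine host.
    for legit in LEGIT_HOSTS:
        if levenshtein(host, legit) <= 2:
            return "suspicious", f"within 2 edits of {legit}"
    return "unknown", "no allowlist match and no lookalike indicators"


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration, not real reported URLs.
    for sample in (
        "https://liteblue.usps.gov/wps/portal",
        "https://liteblue-usps.com/login",
        "https://liteblue.usps.gov.example.net/",
        "https://lit\u0435blue.usps.gov/",   # Cyrillic 'е' in place of Latin 'e'
        "https://example.org/",
    ):
        verdict, reason = classify_url(sample)
        print(f"{verdict:11} {sample}  ({reason})")
```

The registrable-domain step is deliberately naive (last two labels); a production version would use the Public Suffix List so that hosts under country-code second-level domains are handled correctly, and would feed "suspicious" results into a blocklist rather than only printing them.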

NALC is asking members whose credentials have been compromised to report to the union through its website so that NALC can report the scope of the problem to USPS.

“Specific banking industry standards require financial institutions to provide assistance in certain situations. However, several third-party websites were criminal scams and it is likely that some of the lost money will not be recovered. The USPS does not have a total dollar loss that currently exists. The USPS says responsibility for the hack, breach of bank accounts and lost money remains with Google,” NALC wrote.

An earlier USPS memo, dated December 30, 2022, also warned employees about a fraud scheme by cybercriminals using a fake version of the LiteBlue website.

“When you try to access a fake site, scammers collect your username and password. Fraudsters can record this information and use it to log into PostalEASE,” the note said. “There, fraudsters can access your sensitive information, which they can manipulate for financial gain.”

In the memo, the USPS said its Direct to Bank Net deposit and Withdrawal features have been disabled online in the PostalEASE application.

The Dec. 30 memo also states that the USPS has temporarily suspended external access to PostalEASE via personal computer “until further notice.”

During this time, USPS employees can still cancel deductions or activate or change direct deposit settings over the phone by calling the USPS Human Resources Shared Service Center (877-477-3273).

Employees who make these changes over the phone must have an employee identification number (EIN) and personal identification number (PIN), the agency said.
