News | March 19, 2018

Alert employee thwarts cyber criminals, preventing diversion of major payment

By Toby Brevitz, DLA Information Operations

DLA employees remain the first line of defense against fraud, including efforts to misroute government funds. Recently, a DLA Energy employee thwarted a fraudulent request to reroute a payment to a different bank.

This email supposedly came from a company Kim Binns, of the Ground Fuels Division, had been dealing with in her work — a company with legitimate business ties to DLA. The email looked exactly like other emails she had received in the normal conduct of business with the company. In fact, the subject line was a direct copy of an existing one, so it appeared the email was the latest in a series of emails between the company and DLA.

“When I first received the email, I didn’t realize anything was wrong. It looked like all the other emails I’ve received from them,” Binns said.

This appears to be one of the many criminal attempts against businesses. International fraud syndicates often target businesses and companies around the globe, most often by hacking into a business’s email account to learn about their clients and daily operations to impersonate employees and order a transfer of funds. This is most often done by directing victims (in this case DLA) to send payment or make a transfer to the fraudster’s account (most often in China, India, Russia or an African country). Scammers have been known to visit Hong Kong and recruit people to set up shell companies and open bank accounts to handle criminal funds.

Everything in the email appeared to be legitimate. But then Binns received another email — a legitimate one from the company. “I received a second email informing me the company had received payment,” said Binns.

“At this point, I emailed my company [point of contact] and asked if that payment had included the one the original email was discussing,” Binns said. “She replied, ‘I don’t know what you’re talking about.’ Now I knew something was wrong.”

Binns reported the email to the DLA Cyber Emergency Response Team via the “Spam Alert” button in Outlook and to her supervisor. “I told my company POC they should probably contact their IT personnel to look into it as well,” said Binns.

Once DLA CERT received the alert, they investigated. They determined the email itself contained no malicious code, but if Binns had followed the request in the email, millions of dollars would have been paid by the government to criminals.

Binns, a DLA Energy employee since 2002, said requests to change payments to different banks aren’t all that unusual, but there are such requests since the shift to eProcurement. “Since we moved to eProcurement, it’s up to the business to make that change themselves. We often don’t even know to what bank the payment is ultimately made,” Binns said.

Sadly, occurrences like this are far from rare. DLA and DOD have secure networks set up to defend against a wide variety of cyber attacks, but they can’t protect against the human element. That’s where you come in. If you receive a suspicious or unexpected email, don’t open any attachments or click on any links in the email, even if it’s from someone you know. Report the email using the “Spam Alert” button at the top of Outlook, and inform your supervisor. Don’t forward the email to anyone else, including your supervisor.

As the old saying goes, “If it doesn’t feel right, it’s not right.”