DLA Public Affairs, Sept. 16, 2020 —
As a federal employee with plenty of cybersecurity training under my belt, I am usually very cautious about unknown calls. I got a wake-up call to review my training after a recent conversation with a friend I’ll call “Annie.”
Annie told me she received a call on her cell phone and absentmindedly answered without looking at the number. A robocall voice told Annie the call was from the Social Security Administration and her Social Security number had been used fraudulently. The recording directed her to press “1” immediately. If she failed to comply, SSA would freeze her Social Security number and contact authorities to have her taken into custody.
Recognizing the seriousness of the situation, I asked her what happened next. Annie said she immediately hung up the phone and called the police on the non-emergency number. An operator instructed her to contact SSA to report the call, which she did.
The operator also told Annie she did the right thing by hanging up, noting that government agencies never call out of the blue or relay threatening messages by phone or email.
“Dad always told me to listen to my gut instincts because they’ll never be wrong,” Annie told me. “I’m glad I listened to my gut this time and hung up the phone.”
What Annie experienced is an example of spoofing. According to the FBI, spoofing occurs when someone disguises an email address, sender name, phone number or website URL – usually by changing one letter, symbol or number – so it resembles a trusted source. These criminals try to deceive others in hopes of gaining personal information they can exploit. Their tricks include asking you to confirm your personal information in order to receive money or other benefits, promising medical equipment such as personal protective equipment, or promising information on a cure for the coronavirus.
To avoid falling prey to these spoofing schemes, always look up suspicious phone numbers and email addresses and never use a source provided by a potential scammer. Instead, use a trusted source such as Google. Also be mindful of what you post online and on social media. Scammers can use that information to guess your password or access other information.
According to the FBI, the most common schemes to gain personal information during the pandemic include requests for:
- Charitable contributions,
- General financial relief,
- Airline carrier refunds,
- Fake cures and vaccines, and
- Fake testing kits.
Tips for protecting yourself and stopping criminal activity include:
- Don’t open attachments or click links within emails from senders you don’t recognize.
- Don’t provide your username, password, date of birth, Social Security number, financial data, or other personal information in response to an email or robocall.
- Always verify the web address of legitimate websites and manually type them into your browser.
- Check for misspellings or modified domains within a link. An example would be a domain ending in .com when it should end in .gov.
Suspicious emails spotted at work should be referred to the DLA Computer Emergency Response Team by clicking on the DLA Spam Alert button in the upper right corner of the main Outlook email ribbon. You can also open a new email, attach the suspicious message and forward it to email@example.com.
Practicing good cyber hygiene and staying vigilant protects the DLA network and employees and keeps warfighters safe.