CHIPS Articles: WARNING DoD Travelers — DTS Phishing Attempt Reported
WARNING DoD Travelers — DTS Phishing Attempt Reported
By DTS Travel Operations, DFAS Indianapolis
-
March 6, 2018
Defense Travel System users have reported receiving a new phishing email. The email
advises the traveler that they were not paid correctly for their last TDY period.
<p>An extract of the phishing email message reads: <br/>
<div style="border: solid 1px #CCC; padding: 8px;">
From: noreply@defensetravel.osd.army<br/>
[mailto:noreply@defensetravel.osd.army] <br/>
Sent: Wednesday, February 28, 2018 8:48 AM<br/>
To: Traveler, Joseph CIV USARMY<br/>
<joseph.traveler.civ@mail.mil<br/>
Subject: [Non-DoD Source] Defense Travel System<br/>
Refund Notification<br/>
<p>Dear joseph traveler, <br/>
Due to a system error you were not paid correctly for your last temporary duty travel. We are contacting you to correct your account information. <br/>
<p>A refund process was initiated but could not be completed due to errors in your current unit information. REF CODE: 0572<br/>
COPY AND PASTE THE LINK BELOW TO UPDATE YOUR INFORMATION:<br/>
http://defensetravel.osd.army/?720c3cee7182ee131b68eee35ef77f2995a4pjc<br/>
<p><em>(Note: This link has been changed to preclude use)</em></p>
<p>After your information has been validated, you should get a refund to your bank account within 3 business days.</p>
<p>Thank you for your service and we apologize for any inconvenience.</p>
<p>Defense Travel System<br/>
Fort Belvoir, VA<br/>
</div>
<p><strong>How YOU can tell this is a phishing attempt.</strong></p>
<ol>
<li> The correct DTS email address is: box-name@defensetravel.osd.mil (not .army)
Consider all other addresses as suspicious, especially those ending in .army or .com. </li>
<li> Traveler name in the message salutation is not formatted (capitalized) properly. The name should reflect: Dear Joseph Traveler</li>
<li> The link provided in the phishing message does not correspond to a DoD “secure” message server. All DoD secure servers begin with <strong>https:</strong> for any official link from DoD.</li>
<li> DTS would never solicit information directly from a traveler. Should it ever occur, DTS would advise the traveler to update the user information in the DTS application versus providing an external link to update records.</li>
<li> Messages from Non-DoD sources are always suspect to being fraudulent. Addressees need to ensure they know who is sending them a message.</li>
</ol>
<p><strong>Your defensive actions include:</strong></p>
<ul>
• Delete the phishing email. <br/>
• DO NOT copy & paste the provided link to access the phishing site. You could compromise your personal (PII) data. <br/>
• DO NOT forward the phishing email. <br/>
<p><em>For additional information on this topic, please email your concerns or questions to: <a href="mailto:dfas.indianapolis-in.jft.mbx.in-army-dts-inquiries@mail.mil ">dfas.indianapolis-in.jft.mbx.in-army-dts-inquiries@mail.mil</a></em></p>
|
|