“DO WHAT HAS TO BE DONE”
DISTRIBUTION:
This document is authorized for the
widest release without restriction.
Report a crime to the
Department of the Army
Criminal Investigation Division
Cyber Directorate
27130 Telegraph Road
Quantico, Virginia 22134
Email
Cyber Directorate Web Page
--
Scammers – those determined to steal money, personal information,
and identities from anyone – continuously evolve their scam strategies.
Staying abreast of the latest scams and following some easy best
practices is key to avoid becoming the next victim.
Pretending to be from the DFAS, scammers contact soldiers via text
and phone calls and claim the soldier has been overpaid by the
military. Knowing military terminology, the scammers easily convince
the soldier of a legitimate pay problem and threaten the soldier with
punishment if the excess funds are not returned via a money transfer
application.
Pig butchering scams rely on a scammer – the butcherer – building an
online relationship and level of trust, often over a long period, with a
victim – the pig. The scammer then convinces the victim to invest large
sums of money or cryptocurrency in a bogus investment platform or
account, essentially fattening up the victim with opportunities for
increased wealth while feeding the scammer-controlled account. The
victim, eventually attempting to withdraw funds, will have no success
because the scammer has taken everything.
Tax season is here, and the Internal Revenue Service (IRS) warns that
cybercriminals are more intent during this time of year to steal
taxpayer’s money and data. Taxpayers are reminded that the IRS will
not initiate contact via email, text message, social media, or other
digital applications to notify a taxpayer of an overdue tax bill, unfiled
return, tax filing error, or for personal or financial information. The IRS
will initiate contact with taxpayers through official correspondence
delivered by the United States Postal Service (USPS).
MFA requires a combination of two or more credentials to access an
account, such as a password and an additional authentication request
sent to the account owner via email, text, or phone call. MFA prompt
bombing involves an unauthorized individual using the stolen
credentials, username and password, on an account with the hope the
legitimate user mistakenly authorizes the second authentication
request. Once authorization is granted, the unauthorized user has
complete access to the account.
Selling household goods is a popular practice for relocating military
personnel, which the military does often. Feigning an interest in
purchasing a particular item, the scammer contacts the seller and
requests the seller verify their identity by providing the scammer with
the six-digit Google Voice verification number texted to the seller’s