New scam targets DTS users

BUCKLEY AIR FORCE BASE, Colo. --

The Defense Finance Accounting Service is warning Defense Travel System users of a new phishing scam targeting government travelers.

In this scheme, scammers send an official-looking email notifying the member they were not paid correctly for their last TDY. The email then directs the traveler to click on a link to update their information.

Phishing is the deceptive practice of sending emails that appear to be from a reputable sender in order to dupe the recipient into revealing personal information, such as personally identifiable information and banking information.

The extract below reflects a typical phishing email, which includes many tell-tale signs.

From: noreply@defensetravel.osd.army
[mailto:noreply@defensetravel.osd.army]
Sent: Wednesday, February 28, 2018 8:48 AM
To: Traveler, Joseph CIV USARMY <joseph.traveler.civ@mail.mil

Subject: [Non-DoD Source] Defense Travel System Refund Notification

Dear joseph traveler,

Due to a system error you were not paid correctly for your last temporary duty travel. We are contacting you to correct your account information. A refund process was initiated but could not be completed due to errors in your current unit information.

REF CODE: 0572

COPY AND PASTE THE LINK BELOW TO UPDATE YOUR INFORMATION:

httpdefensetravel.osd.army/?720c3cee7182ee131b68eee35ef77f2995a4pjc (Note: This link has been changed to preclude use)

After your information has been validated, you should get a refund to your bank account within 3 business days. For additional information on this topic, please eMail your concerns or questions to: dfas.indianapolis-in.jft.mbx.in-army-dts-inquiries@mail.mil

Thank you for your service and we apologize for any inconvenience.

Defense Travel System
Fort Belvoir, VA

The following are red flags to be aware of:

  • The correct DTS email address is: box-name@defensetravel.osd.mil (not .army). Consider all other addresses as suspicious, especially those ending in .army or .com.
  • Poor grammar and capitalization errors
  • The link provided in the phishing message does not correspond to a DoD “secure” message server. All DoD secure servers begin with “https:” for any official link from DoD.
  • DTS would never solicit information directly from a traveler. Should it ever occur, DTS would advise the traveler to update the user information in the DTS application rather than providing an external link to update a record.
  • Messages from non-DoD sources are always suspect to being fraudulent and travelers must ensure they know who is sending them a message prior to taking any action.

Do not forward suspect emails and do not visit any links from untrusted sources. Additionally, phishing emails should be deleted.  For more information on this topic, email dfas.indianapolis-in.jft.mbx.in-army-dts-inquiries@mail.mil