The Department of Homeland Security’s Office of the Inspector General (DHS OIG) has issued an alert to warn that scammers are posing as DHS employees.
“Each year, DHS OIG receives hundreds of reports of individuals impersonating DHS employees to defraud the public,” the alert says. “Impersonators can spoof actual DHS phone numbers and create email addresses that resemble DHS email addresses in their attempts to appear legitimate. Some will even email or text pictures of real and doctored law enforcement credentials. These impersonators will try to convince targets to provide personally identifiable information, passwords, credit card or bank numbers, or payment via money transfer services or prepaid debit cards.”
The OIG says many of the DHS-related scams target “immigrants, minority groups or people with foreign ties,” including:
- “Violations of immigration or customs laws,
- “Lost or duplicate passports used abroad to commit crimes,
- “Unspecified ‘Green Cards matters,’
- “Packages detained at the border containing drugs or other illegal materials, and
- “Problems with the victim’s immigration forms”
The OIG offers the following advice to help individuals avoid falling for these scams:
- “Be suspicious of telephone calls or emails claiming to be from DHS as scammers can fake caller ID information and email addresses. All legitimate government emails will come from an email address ending in .gov.
- “Scammers often use incorrect nomenclature to identify themselves, such as ‘DHS agent,’ ‘DHS private investigator’ or ‘Detective with DHS.’ They may misuse acronyms or government agencies’ names such as ‘Department of Customs and Border Security,’ or ‘US Immigration Agency.’
- “DHS never uses the contact numbers listed on its website to make outgoing calls of this nature. Individuals receiving phone calls from these numbers should not provide any personal information.
- “Do not send money or gift cards to persons claiming to be from DHS. DHS employees will never ask you to pay a fine over the phone, and will never accept payment for fees through Google Play, Apple, gift cards, or money transfer services such as Zelle or Venmo.”
New-school security awareness training can enable your employees to recognize scams and other social engineering attacks.
The DHS OIG has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
