Sometimes, the emails offer fake job interviews conducted via Skype or Google Plus during which scammers try to glean Social Security numbers or bank account information.
Sometimes, the email schemes are more convoluted, asking recipients to cash what later turns out to be a counterfeit check to send back some of the money to the fraudsters.
To the Web-savvy, these are obvious “phishing” attempts, in which bad guys — many not all that skilled or sophisticated — try to conduct fraud or ferret out personal information with legitimate-seeming emails.
But these particular messages target an especially vulnerable population — veterans transitioning to civilian careers or otherwise looking for work.
Some of suspect emails even appear to originate from reputable employers. And many of them mention where they turned up veterans’ contact information: a career site run by the Department of Veterans Affairs that allows employers to peruse veteran resumes.
“After viewing your profile on VA JOB PORTAL We feel you may be a good candidate for a position within our company,” reads one of the many similar-sounding scam emails seeking to ensnare veterans. A few of the messages even mention Vets.gov, the name of the recently redesigned and relaunched VA website that hosts the career site, by name.
But VA’s message to veterans: We feel your pain, but our website’s not to blame.
“When asked if the job site protected veterans’ personal information … he [said] he was “pretty confident” there hadn’t been a breach”
“There has never been a security breach,” said VA Chief Technology Officer and Vets.gov architect Marina Martin in an interview last month, when Nextgov first began looking into the phishing scams. “It’s not that somebody downloaded a bunch of veteran emails. That has never been claimed or found.”
VA officials, like Martin, have also repeatedly maintained there’s been no indication any of the supposed companies that have emailed jobseekers actually obtained veteran email addresses, either by being granted access to the site or stealing the information through other means.
That’s the same thing Curtis Coy, the deputy undersecretary for economic opportunity in the Veterans Benefits Administration, told the House Veterans Affairs Committee last November when lawmakers requested an update on potential Vets.gov phishing scams brought to their attention.
When asked if the job site protected veterans’ personal information, Coy responded, “absolutely.” Later, he added he was “pretty confident” there hadn’t been a breach of the site.
“I don’t think in the world of IT, anybody can say 100 percent confident, but we’re pretty sure,” he said. “We’ve not seen any intrusions as of yet.”
VA says the emails are the result of persistent scammers targeting a susceptible population — simply slapping the agency’s name on a garden-variety phishing email in an attempt to look legit.
“It’s not connected to us,” Martin said. “It’s not coming from a VA address. It’s not linking to VA.”
But the problem has persisted — and may be growing.
In a March 9 blog post published by the agency’s Office of Information Security, officials wrote, “We’ve had veterans share with us several emails recently purporting to be from VA’s Vets.gov website and the Veterans Employment Center.” The post later added, “While it is unfortunate that anyone would try to take advantage of a veteran, tactics such as phishing are becoming more common.”