Cyber criminals pose a threat to Postal Service™ employees by creating fake websites that closely resemble LiteBlue. These bad actors use fraudulent websites to capture employee identification numbers and passwords, so they can access employees’ personal information in PostalEASE, including direct deposit and other payroll information. These fake websites feature an address (“URL”) that resembles the actual address, such as “LightBlue,” “LiteBlu,” or “LiteBlue.org.”
Over the last few weeks, USPS® has taken steps to warn employees about the threats that cyber criminals pose, showed employees how to protect themselves, and implemented enhancements to existing security protocols. These steps included a targeted awareness communication campaign, which involved a letter sent to all employees’ address of record and the distribution of two required stand-up talks. Additionally, USPS implemented a system of email notifications (when changes are made to employees’ net-to-bank and allotment accounts), and provided instructions on setting up this functionality.
Considered one of the most powerful tools available for preventing cyber-attacks, multifactor authentication (MFA) offers significant additional protection of personal information to our employees. MFA is a verification method that requires users to provide their username and password, as well as an additional factor (i.e., authenticator app or one-time passcode) before gaining access to an application.
On January 15, 2023, USPS deployed the MFA solution for LiteBlue to enhance the security of employees’ IDs, passwords, and other personal data, while preventing unauthorized access and misuse of their accounts. At this time, you are required to sign up for MFA to access LiteBlue.
As part of MFA implementation, complete these steps:
n Reset your Self-Service Profile (SSP) password.
n Verify answers to security questions.
n Verify the last four digits of your Social Security Number (new security enhancement).
n Establish your MFA preferences.
As part of our plan to mitigate the risk of continued attacks, transactions of net-to-bank and allotments were temporarily disabled for all employees. As MFA is successfully deployed, this functionality will be reactivated.
For more information on setting up MFA, or to view support material (i.e., User Guide, FAQs, or videos), visit liteblue.usps.gov/cyber/multifactor-authentication.htm.
— Organization Design,
Organization Development, 1-26-23
