APWU national officers are continuing to advocate for members who have had had their wages stolen in the recent online fraud attack on USPS systems. Below is an update on management’s introduction of multifactor authentication (MFA) for LiteBlue log ins.

MFA is a tool that banks and other institutions use when dealing with sensitive personal information to prevent cyber-attacks. It is an identity verification method where users have to use two or more methods to gain access to an online account. Entering a password and then a text message confirmation code is an example of MFA.

Management has provided an update about the implementation of MFA to log into LiteBlue after cyber criminals gained access to sensitive employee data using fake websites that closely resembled LiteBlue. The fraudsters used this information to make changes to net-to-bank and allotment accounts to divert and steal direct deposit funds.

A Stand-Up Talk issued on January 17 announced that the Postal Service began requiring MFA in order to access LiteBlue on Jan. 15, 2023 as an additional layer of protection to strengthen online security measures for postal workers personal data.

When employees log into LiteBlue, they will be required to set up their MFA preferences. Once an employee’s MFA setup is enabled, these ID confirmation factors will be required each time they log in.

WHAT YOU NEED TO DO

After Jan. 15, 2023, when you log in to LiteBlue:

• Reset your Self-Service Profile (SSP) Password.
• Verify the last four digits of you Social Security Number (SSN.
• Set up your multifactor authentication preferences.
• After set up, you will be required to confirm your credentials each time you log in.

For more information or to view support materials, go to the LiteBlue login page and select “Multifactor Authentication.”

Resource materials, including an Instructions to Enroll and Sign in to LiteBlue with Multifactor Authentications (MFA) user guide, are also available below.

LiteBlue MFA Documents & Materials

The 2023 Joint Contract Interpretation Manual (JCIM), a resource for the administration of the 2021-2024 Collective Bargaining Agreement (CBA), is now available for members! Members can order their JCIM for $10 from the APWU Store on the APWU website, or you can click here for an electronic copy.

The JCIM is an APWU and USPS jointly prepared manual for interpreting issues related to the union contract and serves to address and resolve disputes as well as ensure contract compliance.

The JCIM is a collection of agreed-upon interpretations that have been made over decades of collective bargaining. Whether those interpretations have been made by simple discussion and agreement, interpreted by a national arbitrator in arbitration proceedings, agreed upon in memoranda of understanding, or through dispute settlements, the JCIM is the final word on issues printed in the booklet for all levels of the grievance process.

The purpose of the JCIM is also stated at the beginning of the manual:

“When a dispute arises, the parties should first go to the JCIM to determine if the issue in disputes is addressed. If it is, the parties are required to resolve the dispute in accordance with this manual. If the parties effectively use and consult the JCIM, many disputes can be settled early on in the grievance/arbitration process.”

APWU National Officers continue to warn postal workers to be on the lookout for a fraudulent online scheme that has resulted in stolen direct deposit payments from USPS employees.

The scam involves either a phone call from someone claiming to be a Postal Inspector or a fraudulent website that looks like LiteBlue, but sends workers’ log in details to the fraudsters. 

Once workers have provided the scammers with their security information, such as passwords and EINs, the scammers can log into their victims’ LiteBlue accounts and change their net-to-bank payroll information. 

USPS management warned workers about the fake LiteBlue sites in a Stand-up Talk on Dec. 23. 

On Dec. 29 the USPS disabled access to change PostalEase on external sites. Employees can still login through external computers, but can only view their direct deposit and other information. Employees who need to change their information will have to either login to PostalEase through an ACE computer at a postal facility or call the Human Resource Shared Service Center (HRSSC) directly at 1-877-477-3273 to make any necessary direct deposit or benefit changes at this time. 

An updated Stand-up Talk was posted on the subject on Dec. 30. However, it has been reported from the field that the Stand-up Talks are not being done in many locations and that managers are denying workers access to postal devices in order to log into their accounts.

If you have not received the Stand-up talks regarding LiteBlue fraud, or are denied access to PostalEase through a USPS issued device, please contact your steward or other local/state officer for resolution. If local management refuses to resolve the problems, local and state leaders can inform the Industrial Relations Department to address the problem with Postal HQ management.  

APWU national officers are monitoring the situation and demanding that the Postal Service provide full updates on what has happened, what is still happening, and what is being done to remedy the situation, including the reimbursement of stolen funds

Postal Service management will implement a Multi-Factor Authentication (MFA) system, which will add an extra layer of security by requiring a code sent via email or text to log in. It is recommended that everyone ensure the Postal Service has a good email or phone number that can receive a text on file. The email or phone number provided to the Postal Service for MFA will only be used for this purpose.

It is important that you should never share your LiteBlue/PostalEase login information with anyone. The Postal Inspectors will not call or ask for this information over the phone.

If you are concerned that you might have entered your LiteBlue information on a fraudulent website or have provided that information from a phone call, please attempt to log in and check your LiteBlue/PostalEase account immediately. If you can’t log in, see unauthorized changes, or if anything seems suspicious, contact HRSSC immediately at 1-877-477-3273.
 

FRAUD ALERT STAND UP TALKS