Phishing schemes mimic OPM breach notifications
It was probably inevitable: The millions of Americans whose personal information may have been stolen from Office of Personnel Management databases must now worry about scammers trying to capitalize on the government's response to that breach.
A June 30 alert from the U.S. Computer Emergency Readiness Team warned that "US-CERT is aware of phishing campaigns masquerading as emails from [OPM] or the identity protection firm CSID." After the breach was disclosed on June 4, OPM contracted with CSID to notify affected personnel and promised free credit monitoring for those whose records were compromised.
US-CERT did not offer specific examples of the fake emails, but did urge recipients to report any suspicious messages. The agency also reminded individuals that "the legitimate domain used for accessing identity protection services is https://opm.csid.com."
The breaches of OPM data are believed to have affected current and former federal employees, recent applicants for federal jobs, some industry contractors and -- thanks to the details demanded on the Standard Form 86 used for security clearances -- a wide range of applicants' family members, friends and acquaintances. OPM has not specified the number of individuals believed to be affected, but estimates have ranged from 4 million to upwards of 14 million.
Connect with the GCN staff on Twitter @GCNtech.