Phishing schemes mimic OPM breach notifications

Phishing schemes mimic OPM breach notifications

It was probably inevitable:  The millions of Americans whose personal information may have been stolen from Office of Personnel Management databases must now worry about scammers trying to capitalize on the government's response to that breach.

A June 30 alert from the U.S. Computer Emergency Readiness Team warned that "US-CERT is aware of phishing campaigns masquerading as emails from [OPM] or the identity protection firm CSID." After the breach was disclosed on June 4, OPM contracted with CSID to notify affected personnel and promised free credit monitoring for those whose records were compromised.

US-CERT did not offer specific examples of the fake emails, but did urge recipients to report any suspicious messages.   The agency also reminded individuals that "the legitimate domain used for accessing identity protection services is"

The breaches of OPM data are believed to have affected current and former federal employees, recent applicants for federal jobs, some industry contractors and -- thanks to the details demanded on the Standard Form 86 used for security clearances -- a wide range of applicants' family members, friends and acquaintances.  OPM has not specified the number of individuals believed to be affected, but estimates have ranged from 4 million to upwards of 14 million.   

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected