Phishing schemes mimic OPM breach notifications

Phishing schemes mimic OPM breach notifications

It was probably inevitable:  The millions of Americans whose personal information may have been stolen from Office of Personnel Management databases must now worry about scammers trying to capitalize on the government's response to that breach.

A June 30 alert from the U.S. Computer Emergency Readiness Team warned that "US-CERT is aware of phishing campaigns masquerading as emails from [OPM] or the identity protection firm CSID." After the breach was disclosed on June 4, OPM contracted with CSID to notify affected personnel and promised free credit monitoring for those whose records were compromised.

US-CERT did not offer specific examples of the fake emails, but did urge recipients to report any suspicious messages.   The agency also reminded individuals that "the legitimate domain used for accessing identity protection services is https://opm.csid.com."

The breaches of OPM data are believed to have affected current and former federal employees, recent applicants for federal jobs, some industry contractors and -- thanks to the details demanded on the Standard Form 86 used for security clearances -- a wide range of applicants' family members, friends and acquaintances.  OPM has not specified the number of individuals believed to be affected, but estimates have ranged from 4 million to upwards of 14 million.   

About the Author

Connect with the GCN staff on Twitter @GCNtech.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group