As if federal employees didn't have enough to worry about, US-CERT is warning of a new phishing scam designed to lure them to malicious sites pretending to have important information about the Office of Personnel Management breach.
The cyber team at CERT put out an alert late Tuesday warning of phishing emails claiming to be from OPM and post-breach protection contractors CSID.
OPM Data Breach: What You Need to Know
Malicious emails might ask for personal information or for the reader to click through to a website, where malicious code can infect their systems. US-CERT notes the only official website for information on the breach is opm.csid.com.
If an email seems suspicious, OPM suggests reaching out to them or CSID directly using official contact information — not contacts provided in the questionable email.
Feds who get such an email are encouraged to forward the message to US-CERT at email@example.com.
"We see these sorts of phishing attempts after almost every single breach, particularly after breaches that have received widespread media attention," said CSID spokesman Patrick Hillmann.
Hillmann noted that any emails from CSID would come from sender "OPM CIO" and the associated email address firstname.lastname@example.org. He warned against clicking through on emails from any other address claiming to be a representative of CSID.
He also suggested feds reach out to their agency privacy officer with any concerns, as those individuals have been given information on validating emails from OPM and CSID.
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.