US-CERT Alerts of Phishing Campaigns Targeting OPM Hack Victims
iSpeech
Victims of the massive breach at the Office of Personnel Management (OPM) are being warned to remain cautious of scammers posing as official communication from the agency.
The United States Computer Emergency Readiness Team (US-CERT) issued an alert on Tuesday, stating it had become aware of suspicious domain names that may have been used in phishing campaigns impersonating as the organization or the contracted identity protection firm CSID.
“Https://opm.csid.com is the legitimate domain used by CSID, which is responsible for identity protection services for those affected by the recent data breach,” read the alert.
[adsense size='1']
Earlier last month, OPM announced that the personal information of as many as 18 million former, current and prospective federal employees had been exposed. In response, the company contracted CSID to provide 18 months of complementary identity monitoring services to those affected.
OPM had originally sent email notices to impacted individuals regarding the breach, including a link to the contractor’s site for them to enroll in credit monitoring and other protection services.
According to the Washington Post, however, federal workers reported they were hesitant to believe the emails were legitimate.
“We’ve seen such distrust and concerns about phishing,” OPM spokesman Sam Schumach told the Washington Post.
As a result, the agency turned to sending physical letters to those impacted, instead.
For more information and updates, US-CERT recommends users visit the OPM website.
Gloss