Feds warn: Hackers sending fake emails to OPM hack victims

The government is warning that scammers are targeting victims of the recent massive federal data breach with fake emails made to look like they are from the government.

The Office of Personnel Management (OPM) revealed in early June that millions of federal workers’ data had been exposed by multiple hacks at the agency. Through a contracted identity monitoring company, CSID, the OPM has been notifying the victims.

{mosads}Initially, the OPM sent emails with links to information on a complementary 18 months of identity monitoring services with CSID.

But savvy hackers, knowing this would happen, have also been sending fake OPM emails to these same people, according to an alert the U.S. Computer Emergency Readiness Team (US-CERT) issued late Tuesday.

The OPM has already stopped sending its own email notifications. Federal workers reported they were scared to even click on links in the legitimate emails. In response, the agency started relying solely on physical letters.

“We’ve seen such distrust and concerns about phishing,” OPM spokesman Sam Schumach told The Washington Post recently.

US-CERT warned those affected by the hack that https://opm.csid.com is the legitimate website with information on the free identity protection services.

Federal workers unions have clashed with OPM over its handling of the breach, accusing the agency of withholding information and failing to help get people the identity monitoring services it promised.

The nation’s largest government employees union, the American Federation of Government Employees (AFGE), on Monday vented its anger in a lawsuit filed against the OPM.