“US-CERT is aware of phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID. For those affected by the recent data breach, the legitimate domain used for accessing identity protection services is https://opm.csid.com,” yesterday’s advisory states.
Those two sentences are the extent of the government’s description of the schemes.
Analysts say the threat could be a broad-brush campaign spamming people who have dot-gov email addresses or people identified as government workers on mailing lists. The phishing emails then bait them into replying with personal information or visiting a website that steals their credentials.
“It would be pretty easy to target these emails to dot-gov email addresses,” said Johannes Ullrich, dean of research at the SANS Technology Institute, a cybersecurity training center.
It’s unclear whether ID thieves are preying on feds fearful that they have been victimized by the OPM breach or whether the OPM cyberspies are at it again.
“Could be either,” Ullrich said. “But more likely ID thieves.”
It was only a matter of time before this happened.