Victims of the massive breach at the Office of Personnel Management (OPM) are being warned to remain cautious of scammers posing as official communication from the agency.
The United States Computer Emergency Readiness Team (US-CERT) issued an alert on Tuesday, stating it had become aware of suspicious domain names that may have been used in phishing campaigns impersonating as the organization or the contracted identity protection firm CSID.
“Https://opm.csid.com is the legitimate domain used by CSID, which is responsible for identity protection services for those affected by the recent data breach,” read the alert.
Earlier last month, OPM announced that the personal information of as many as 18 million former, current and prospective federal employees had been exposed. In response, the company contracted CSID to provide 18 months of complementary identity monitoring services to those affected.
OPM had originally sent email notices regarding the data breach to impacted individuals, including a link to the contractor’s site for them to enroll in credit monitoring and other protection services.
According to the Washington Post, however, federal workers reported they were hesitant to believe the emails were legitimate.
“We’ve seen such distrust and concerns about phishing,” OPM spokesman Sam Schumach told the Washington Post.
As a result, the agency suspended its email notifications and turned to sending physical letters, instead.
For more information and updates, US-CERT recommends users visit the OPM website.