Part of the fallout from the Office of Personnel Management (OPM) data breach is the need to provide identity protection services to the millions of compromised government employees. In its efforts to provide these services to compromised federal workers, the OPM contracted with a private company. That contractor, CSID, sent an email with a link to enroll in identity protection services.

ArmyTimes reports that, acting upon warnings from the Army Threat Integration Center, Fort Meade’s Cyber Security Network Defense Team identified a message from CSID as a spearphishing attempt. The Fort Meade Cyber Security Network Defense Team warned Army personnel to “close the message immediately and report it as spam to the Cyber Security Network Defense Team,” according to a warning posted on the Fort Meade Facebook page.

The message has lots of spearphishing red flags to trigger a warning. For example:

  1. The From line looks like a spoof: it claims to be from the OPM CIO, yet the email domain is not “opm.gov”; it is “csid.com”.
  2. The salutation is poorly personalized, “Dear Recipient”.
  3. This is a well-crafted message with a strong call to action designed for the recipient.
  4. There is a deadline that warns of undesired consequences.
  5. There are questionable links to csid.com, not opm.gov.
  6. Active links contravene OPM’s cybersecurity webpage that warns against clicking links.
  7. The email has an “enroll now” button which is a phishing red flag.
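
The checks in the list above, written as an added Python example that is not from the original post. Both messages are constructed samples, and `red_flags`, `org_domain`, the mailbox names, the URL path and the keyword lists are assumptions made here. It shows that these heuristics judge a message by its appearance, so a notice sent from a contractor's domain trips every one of them.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed samples (not the real message); mailbox names and URL path are made up.
SAMPLE = '''From: "OPM CIO" <opmcio@csid.com>
Subject: Identity protection services

Dear Recipient,

Enroll before the deadline or you will not be covered.
ENROLL NOW: https://www.csid.com/enroll
'''

# Constructed counter-example: named greeting, claimed domain, no links.
CLEAN = '''From: "OPM CIO" <cio@opm.gov>
Subject: Identity protection services

Dear Ms. Smith,

Type the address printed on your mailed notice into your browser to enroll.
'''

def org_domain(host):
    """Last two labels of a host name (naive: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(raw, claimed_domain):
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    flags = []
    sender = org_domain(addr.rpartition("@")[2])
    if sender != claimed_domain:
        flags.append(f"sender domain is {sender}, not {claimed_domain}")
    if re.search(r"^dear (recipient|customer|user|member)\b", body, re.I | re.M):
        flags.append("generic salutation")
    if re.search(r"\b(deadline|expires?|final notice)\b", body, re.I):
        flags.append("deadline pressure")
    hosts = {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    foreign = sorted({org_domain(h) for h in hosts} - {claimed_domain})
    if foreign:
        flags.append("links go to " + ", ".join(foreign))
    if re.search(r"\b(enroll now|click here)\b", body, re.I):
        flags.append("call-to-action button text")
    return flags

print(red_flags(SAMPLE, "opm.gov"), red_flags(CLEAN, "opm.gov"))
```
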

Despite these red flags, this is a real email that is the gateway to cyber protection!

There must be a better way! There is: SP Guard from Iconix.