Federal Employees Confused By Emails
Are the emails claiming to be from the government that were sent to federal employees affected by China's cyberattack on the OPM real, or are they a phishing scam?
The OPM, Office of Personnel Management, sent emails to the hundreds of thousands of federal employees whose information had been stolen by Chinese hackers. The email alerted them to what had happened and included links for them to sign up for credit monitoring services as a precaution. Pretty standard stuff that we've seen in many of the numerous cyberattacks we've seen over the last couple years.
The problem is that many employees, given that their information has been compromised and don't really trust their employer's cybersecurity efforts, aren't sure if they can click the link or not. Many expressed a worry that the links included in the email could have been a phishing scam that could lead to further security woes.
OPM's use of emails with links in this matter are kind of laughable. For one thing, it shows a lack of awareness over what they've just gone through. For another, they have a policy of not clicking on unknown links.
In an effort to remove their cyberfoot from their cybermouth, emails have been sent with non-hyperlinked URLs to copy and paste into a browser.