OPM Hack Update
As a response to the OPM hack that occurred last December, Office of Personnel Management (OPM) Director Katherine Archuleta and Director of National Intelligence James Clapper signed a memo July 2 outlining the new interim process that will be in place for at least the next four (4) weeks while the e-QIP service remains shut down. Archuleta and Clapper said in a joint statement that the “interim procedures should “address agencies’ requirements and reduce the likelihood of interruptions in the on-boarding of employees while prudently minimizing any security risks.”
Also, a new phishing alert was also released on June 30, bringing to light that there are suspicious domain names that may be used in phishing campaigns masquerading as official communication from the OPM or the identity protection firm CSID. DHS told employees and retirees only to use domains coming from https://opm.csid.com — the contractor providing identity management protection services to victims of the first cyber-attack. So the email should look like firstname.lastname@example.org (the text following after the @ symbol is the domain name).
In addition, SaalexIT would like to point out that official emails from government officials are typically digitally signed. How to spot this:
- Look for the red ribbon icon in your email which shows that an email is signed.
- Check to see if the digital signature is trusted by an official Certificate Authority. Typical government digital certificates are authorized by a DoD Root CA.
General Email Security Tips
In response to this new phishing alert, SaalexIT would like to provide a list of red flags you should generally be on the lookout for:
- Phishing scam type 1. An official OPM or CSID message that will include a malicious link or malicious attachment. The message will try to convince the victim to click on the link or open the attachment, thereby infecting their system with a Trojan capable of stealing additional information and granting an attacker backdoor access into the system. Malicious attachments can be almost any file type including Microsoft Office documents or Adobe PDF files.
- Phishing scam type 2: credential phishing. An attacker attempts to get a user to divulge login or other sensitive information. Credential phishing can use fraudulent websites designed to look like webmail or other account logins. They can also simply request that users reply to an email with the requested information. Additionally, attackers might even use text messages or phone calls to attempt to get account or other sensitive information from users.
- Phishing scam type 3: impersonating co-worker or close person. Scammers would impersonate as someone in your company and may even spoof the email so it looks exactly like the domain name. If the email looks suspicious, check the message headers of the email and see where the email is coming and/or contact your IT.
- Domain names that look legit but use similar looking letters. One example on Wikipedia: a person frequenting Citibank.com may be lured to click a link in which the Latin C is replaced with a Cyrillic С.
- Embedded images in emails. Even though viewing the phishing email alone is generally not enough to infect a system or compromise information, loading images embedded in emails can give attackers or advertisers information about whether the email address is legitimate, and whether you received and viewed an email. Best practices recommend that you do not load images embedded in emails from untrusted sources.
- Executable files inside a zip as a PDF or Office document.
- Macros in a specific document.
Exercise caution, be careful with clicking links and opening attachments, make sure you view the full email address or link, and focus on the actual domain name, which is the part just before the dot-com, dot-org or dot-gov to assure this matches the organization you think sent the email.
Saalex Information Technology (SaalexIT) is a Managed Services Provider that can help protect your organization. Contact one of our IT regional offices, California (805) 222-4977 or Florida (321) 604-6165 or check out our website for a full list of our offered services.
Email Security Resources
OnGuard Online: http://www.onguardonline.gov/phishing
OpenDNS Phishing Project: http://www.opendns.com/phishing-protection