- Is Trump defiling the U.S. flag in this MAGA dude’s artwork? Sunday 4:41 PM
- White woman claims she invented sleep bonnets, selling them for $100 Sunday 4:03 PM
- Even real cats are transfixed by the enigma that is the ‘Cats’ trailer Sunday 3:04 PM
- Wait, how tall is Peppa Pig? Sunday 1:55 PM
- Twitter suspends Iranian state media outlets for harassing members of a religious minority Sunday 1:06 PM
- Pro-MAGA pageant queen stripped of title over ‘offensive’ tweets Sunday 11:52 AM
- Marvel unveiled its Phase 4 plans at San Diego Comic-Con Sunday 9:16 AM
- How a queer Instagram is helping fight the opioid epidemic in Appalachia Sunday 6:30 AM
- Philadelphia to fire 13 officers for racist, violent Facebook posts Saturday 6:12 PM
- Nick Offerman is so down to play every single role in ‘Cats’ Saturday 4:27 PM
- Woman documents how airport staff broke her wheelchair Saturday 3:04 PM
- Funeral home allegedly posted photos of woman’s dead body on social media Saturday 1:56 PM
- Alinity Divine is being investigated after throwing her cat during stream (updated) Saturday 12:04 PM
- ‘Comedians In Cars Getting Coffee’ returns with Seinfeld making a racist joke about China Saturday 10:26 AM
- YouTubers Eugenia Cooney and Shane Dawson make a joint comeback Saturday 9:06 AM
Hackers target federal employees with phishing emails after OPM breach
If you’re a federal employee, the aftermath of the OPM breach is only getting worse.
Federal employees are being targeted by multiple phishing campaigns posing as identity-theft prevention services in the latest fallout from the largest government data breach in U.S. history.
The U.S. Computer Emergency Readiness Team (US-CERT) warned federal employees about the attacks in an alert posted on Tuesday.
Hackers infiltrated the Office of Personnel Management (OPM), the government’s HR agency, and rifled through its systems for more than a year, compromising the records of as many as 18 million federal employees, including FBI agents and members of the military.
Anonymous government officials have told the press that the attack was the work of Chinese hackers, but the Obama administration has yet to officially accuse Beijing of responsibility.
A phishing attack involves a malevolent actor posing as a legitimate entity—in this case, OPM or the identity-protection firm CSID—in an attempt to lure a user into giving up personal information. The message is intended to look as legitimate as possible, and many people have fallen for phishing emails and unknowingly handed over their information to hackers.
In addition to requesting specific information, phishing emails also ask users to visit websites laden with malicious code that infects the user’s computer. The malware can then steal documents, capture keystrokes like passwords, or use the computer to distribute more malware in what is known as a botnet.
US-CERT asked federal employees who received suspicious messages to report them to the team.
Illustration by Fernando Alfonso III
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.