Last year, hackers exposed U.S. government databases in the Office of Personnel Management (OPM), compromising the information of at least 22.1 million people.
Recently, hackers began to capitalize on their success at OPM by sending phishing emails to millions of recipients.
In this recent attack, the hackers sent an email from a user masquerading as an OPM “Account Manager.”
The e-mail notified recipients of “suspicious movements” on an account and directed them to open an attachment. This attachment used ransomware to lock users out of their computers until the users paid money to the hackers.
There are several indicators to help you properly identify malicious emails, such as:
- An unknown sender, like the OPM Account Manager
- A link or URL that requests immediate action
- Misspellings and grammatical errors
- Requests for login credentials or passwords
If you see any of these characteristics in an e-mail to your Postal Service account, immediately report a phishing attempt to the CyberSecurity Operations Center through CyberSafe@usps.gov.
For more information on how to properly report these incidents, download “The Right Way to Report Phishing Incidents” informational sheet on Blue.
The CyberSafe at USPS Blue and LiteBlue sites have additional tips on reporting potential threats.