You just got an email saying your information was exposed in the OPM data breach. Wondering whether the email is the real deal or not? Here are a few things to look for:
-- OPM will be sending most breach notifications by email between June 8 and June 19. The email will come from this address: firstname.lastname@example.org. If you get an email about the breach from a different address, then it’s a scam. Don’t click on any links or provide any personal information.
-- The real email from email@example.com will include your name, your PIN, a button to “enroll now” and information about the CSID Protector Plus program. If you prefer, rather than clicking the “enroll now” button, you can go directly to CSID’s website to enter your PIN and enroll.
-- Here’s what to expect on CSID’s website: First, they’ll ask for your PIN or the last four digits of your Social Security number to make sure you are who you say you are. Next, if you choose to enroll in CSID's services you’ll be asked to provide additional personal information.
-- OPM will not call you about the breach. If you get a phone call saying it’s OPM, then it’s a scam. Don’t provide any personal information. CSID, not OPM, is making all contacts about this breach. The contacts will be by email or U.S. mail, not by phone.
If you’re still unsure whether the email you got is real, check OPM’s website for more information and updates. If you think you’ve been tricked by a phishing email or a fake call, then file a complaint with the FTC and forward the email to firstname.lastname@example.org.
Navy Marine Corps Intranet users who believe they have been the subject of a phishing attack, please follow the steps outlined on the NMCI Homeport: https://www.homeport.navy.mil/support/articles/report-spam-phishing-2010/