What Does Federal Phishing Look Like?

In a recent blog, where we covered why government bodies are prime targets for phishing, we asked whether you’d be able to recognize a spoofed email from a federal agency.

The truth is, a spoofed federal email looks very similar to a legitimate email you would expect to receive from government bodies. With the majority of people receiving regular emails from federal agencies, these emails are easy to access, and are therefore extremely easy to spoof.

A prime example of a high-profile federal phishing attack to hit the headlines was the U.S. Federal Government’s Office of Personnel Management (OPM) data breach. After the initial breach, OPM issued a statement to let people know that email was going to be the primary method of communication post-breach. Cyber criminals seized this opportunity to distribute almost identical phishing emails.



This was a widespread, high-impact phishing attack where cyber criminals had gone to great lengths to make the phishing email look almost identical to a real OPM email. However, as with general phishing, this email contained masked malicious links intending to trick the victim into clicking them. In this case, it was the ‘Enroll Now’ button. Fraudsters were also able to take advantage of OPM’s third party domain, csid.com, to create a deceptively similar version to trick users. Other warning signs to look out for are messages that only contain links or attachments or contain a large amount of spelling and grammatical errors. However, cyber criminals rely on people’s fear of inaction at a federal instruction and know that citizens will not look too closely at the message.

But it’s not just citizens who are at risk from federal phishing campaigns. Cross agency spear phishing is another threat facing government bodies, and is used explicitly to pry out top secret information. With federal spear phishing for example, instead of sending out a blanket email to a department hoping someone will fall for the attack, cyber criminals impersonate a specific person at one government body over email, targeting an employee from another agency. Due to the high amount of cross agency activity, cyber criminals are able to latch onto this flow of communication to seamlessly plant themselves into the treasure troves of information the federal space holds.

A common spear phishing example in the private sector is when an email seemingly from a CEO/CFO is sent to member of staff asking for a specific sum of money to be transferred into an unknown account. Spear phishing emails may contain a link, directing the victim to a malicious page, or it will be an email asking for passwords, financial details or other protected information. When translated to a federal situation, the impact has the potential to be extremely destructive. In fact, anti-phishing and malware defence was added as a Cross-Agency Priority (CAP) goal in FY15.

So how can federal bodies protect themselves? Watch our latest webinar to learn more about our approach to stopping spear phishing attacks.