Following the recent security breach at the Office of Personnel Management (OPM), it has been revealed that the OPM has sent e-mail notices to hundreds of thousands of federal employees to notify them of the breach and recommend that they click on a link to a private contractor’s Web site to sign up for credit monitoring and other protections. However, the e-mails have been met with increasing alarm by recipients, concerned they are being targeted by phishing attacks. In response to the actions taken by OPM, please see below comments from Kevin Epstein, VP of Advanced Security and Governance at Proofpoint.
Kevin Epstein, VP of Advanced Security and Governance at Proofpoint
“Concerns that seemingly legitimate warnings could be phishing attacks are quite rational. Our research has shown that historically email warnings about compromised accounts were the second most common tactic used by phishing campaigns, exceeded only by social invites. While this year has seen a dramatic shift to attachments, often using Microsoft Office macros, links in email remain highly suspect. Best practice is still to not click. Rather, visit the main domain of a well-established website such as www.opm.gov directly, and navigate from there to the area of concern.”
About Kevin Epstein
Kevin Epstein is a Silicon Valley marketing executive with a Stanford MBA, a degree in high-energy nuclear physics, several technology patents in his name, founding experience at three successful small-business retail ventures, and more than fifteen subsequent years of experience in guerrilla marketing tactics at companies including Netscape, RealNetworks, Inktomi, VMware, and Scalent Systems. He has spoken at seminars addressing top executives from the Fortune 500, has been a popular guest lecturer at the Stanford Graduate School of Business and School of Engineering, and has received various awards for his impact on sales and lead generation. Kevin also serves as an outside adviser to various venture-backed and individual entrepreneurial start-up companies.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.