
What Does Federal Phishing Look Like?

Alex Ostrowski April 22, 2016 Government Secure Email

In a recent blog, where we covered why government bodies are prime targets for phishing, we asked whether you’d be able to recognize a spoofed email from a federal agency.

The truth is, a spoofed federal email looks very similar to a legitimate email you would expect to receive from government bodies. Because the majority of people receive regular emails from federal agencies, these emails are easy to obtain, and are therefore extremely easy to spoof.

A prime example of a high-profile federal phishing attack to hit the headlines was the U.S. Federal Government’s Office of Personnel Management (OPM) data breach. After the initial breach, OPM issued a statement to let people know that email was going to be the primary method of communication post-breach. Cyber criminals seized this opportunity to distribute almost identical phishing emails.

Phishing Sample

This was a widespread, high-impact phishing attack in which cyber criminals went to great lengths to make the phishing email look almost identical to a real OPM email. However, as with general phishing, this email contained masked malicious links intended to trick the victim into clicking them. In this case, it was the ‘Enroll Now’ button. Fraudsters were also able to take advantage of OPM’s third-party domain,, to create a deceptively similar version to trick users. Other warning signs to look out for are messages that contain only links or attachments, or that contain a large number of spelling and grammatical errors. However, cyber criminals rely on people’s fear of failing to act on a federal instruction and know that citizens will not look too closely at the message.
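The two link-level warning signs described above, a link whose visible text hides its real destination and a domain deceptively similar to a legitimate one, can be checked mechanically. The following Python is an added example, not part of the original post; the domains in TRUSTED and the sample body are constructed placeholders, and the 0.85 similarity threshold is an assumption.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("agency.example", "enroll-partner.example")  # assumption: placeholder domains

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, so stray text is discarded
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL or bare 'host/path' string, '' if none."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def lookalike_of(host):
    """Trusted domain that an untrusted host closely resembles, else None."""
    return next((d for d in TRUSTED if SequenceMatcher(None, host, d).ratio() >= 0.85), None)

def audit_links(html_body):
    """Return (href, reason) for each link that leaves the expected domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not host or any(host == d or host.endswith("." + d) for d in TRUSTED):
            continue
        # Visible text that looks like a URL but names another host is a masked link.
        shown = host_of(text) if "." in text and " " not in text else ""
        reason = (f"text shows {shown} but link goes to {host}" if shown and shown != host
                  else f"{host} imitates {twin}" if (twin := lookalike_of(host))
                  else f"{host} is not an expected domain")
        findings.append((href, reason))
    return findings

# Constructed sample body: one expected link, one lookalike, one masked link.
SAMPLE = ('<a href="https://enroll-partner.example/start">Enroll Now</a>'
          '<a href="http://enrol1-partner.example/start">Enroll Now</a>'
          '<a href="http://files.badhost.test/x">www.agency.example/enroll</a>')
```

Calling audit_links(SAMPLE) returns one finding for the lookalike domain and one for the masked link, and nothing for the expected link.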

But it’s not just citizens who are at risk from federal phishing campaigns. Cross-agency spear phishing is another threat facing government bodies, and is used explicitly to pry out top secret information. In federal spear phishing, for example, instead of sending a blanket email to a department and hoping someone will fall for the attack, cyber criminals impersonate a specific person at one government body over email, targeting an employee from another agency. Because of the high volume of cross-agency activity, cyber criminals are able to latch onto this flow of communication and plant themselves seamlessly into the treasure troves of information the federal space holds.

A common spear phishing example in the private sector is when an email seemingly from a CEO/CFO is sent to a member of staff asking for a specific sum of money to be transferred into an unknown account. A spear phishing email may contain a link directing the victim to a malicious page, or it may ask for passwords, financial details or other protected information. When translated to a federal situation, the impact has the potential to be extremely destructive. In fact, anti-phishing and malware defence was added as a Cross-Agency Priority (CAP) goal in FY15.

So how can federal bodies protect themselves? Watch our latest webinar to learn more about our approach to stopping spear phishing attacks.
