US-CERT is aware of suspicious domain names that may be used in phishing campaigns masquerading as official communication from the Office of Personnel Management (OPM) or the identity protection firm CSID. Https://opm.csid.com is the legitimate domain used by CSID, which is responsible for identity protection services for those affected by the recent data breach.
US-CERT recommends that users visit the OPM website for more information. Users are also encouraged to read US-CERT's guidance on avoiding social engineering and phishing attacks and report suspicious emails.
Please share your thoughts.
We recently updated our anonymous product survey; we'd welcome your feedback.