Suspicious OPM email ignored by entire government thanks to cyber awareness training
By Fat Ghengis
THE INTERNET — Cybersecurity experts across the country are quietly commending the collective cyber awareness of the federal workforce after a blatant phishing attempt on Saturday afternoon went collectively ignored.
“Aye, that jawn was hella sus [sic], for real for real,” observed Zeke “Zoomer” Cooper, 23, an engineer with the Naval Sea Systems Command. “I’ve seen more convincing emails from Nigerian royalty.”
The email, flagged with high importance and simply titled, “What did you do last week?” intruded into every government employee’s official mailbox and prompted them for a bulleted summary of their professional accomplishments by 11:59 p.m. EST on Monday, Feb. 24.
“I don’t get it, so like, a WAR [weekly activity report]?” asked Jennifer Palmer, 43, a contract management specialist with the Department of the Army. “The thing I submit to my supervisor every Friday before I clock out for the weekend using a very established process that best encapsulates my activities in a format that provides leadership with a structured and digestible understanding of their subordinates’ achievements in a manner that, in turn, informs the decision-making cycle of their supervisors and facilitates organization-wide transparency?”
The email, sent from an address affiliated with the Office of Personnel Management (OPM), did not include a signature block nor any indication of the sender’s identity and bypassed organizational spam filters, leading security experts to suspect another compromise within OPM.
Security savant Robbie Helleman, 33, whose previous experiences include a two-week probationary stint at the Cybersecurity and Infrastructure Security Agency (CISA) before being unceremoniously fired, cautioned that while federal workers were correct to ignore the email, said that concerns should not be downplayed and emphasized the need for vigilance.
“We can deduce that an outsider compromised this account since it originated from a valid opm.gov address,” Helleman said. “It’s too early to know the sender’s true motives, but malign cyber actors tend to be narcissists who love attention, especially notoriety.”
Helleman credited a security-focused mindset cultivated by more than a decade of mandatory annual cyber awareness training for government employees in thwarting the attempt.
“Thank you, Jeff! Thank you, Tina! Your service is not forgotten,” he exclaimed.
While the general response to a cyber campaign of this scale could be best described as cavalier, if not slightly contemptuous, some federal workers feel this incident was just too close for comfort.
“The thought of getting fired for opening spam and risking the compromise of our nation’s most sensitive secrets to an unauthorized outsider makes me shudder,” said Annie Simmons, 56, a long-time cryptologist at the National Security Agency.
“Can you imagine? Losing your job over a fake email that came in over the weekend?” she posited. “What a time to be alive.”
Fat Ghengis has never fallen for spam because he never checks his email.
