TSP 'attack': Was it phish or foul?

Tuesday - 3/18/2014, 2:00am EDT

Thanks to the Internet, it is possible to wreck your career, marriage or other aspects of your life in seconds. Advances in technology have also made it possible for others to do it for you, by stealing your ID and maybe draining your bank account too.

The career danger is even greater for feds, because of work-rules and the nature of their jobs. That's especially true for those in law enforcement, defense and homeland security jobs. But it also applies to workers at the Internal Revenue Service, Federal Aviation Administration, Securities and Exchange Commission and many others.

Feds are especially tempting targets for groups ranging from sophisticated crooks in Russia and the Ukraine to state-run operations from North Korea and China.

Names and data from the 4.5 million accounts in the federal Thrift Savings Plan — Uncle Sam's in-house 401(k) plan — are an especially tempting target. The TSP is where millions of federal civilian and military personnel, active and retired, have invested billions of dollars as part of their retirement nest egg.

On Saturday, The Washington Post reported that the TSP was the target of what was described as a well-intentioned Army "phishing expedition" effort to see if employees who got a mysterious email about the TSP would check their accounts.

The fake message went to about 100 Army civilian and military personnel, according to the report. But that set off a chain reaction. Apparently, thousands of confused, and in some cases nervous, TSP account holders got and then forwarded the fake check-your-account message to colleagues and friends throughout the government.

For many feds it was a not-so-fun déjà vu moment.

In May 2012, the TSP announced that just over 123,000 account holders were victims of a very real, very sophisticated cyber attack. The attack was apparently made nearly a year earlier, but the Federal Retirement Thrift Investment Board — the small federal agency that runs the TSP program — only learned from the FBI of the attack months after it happened.

At the time the attack was made public, account-holders were notified by mail that some or most of their information, including Social Security numbers and addresses, had been taken in the attack.

Federal agencies are prime targets for so-called spear-phishing actions for a variety of reasons. As security is tightened, the people seeking the information, ranging from teenagers at home and abroad as well as friendly and not-so-friendly governments, get better too.

Bottom line: Don't believe everything you read on the Internet. And if you get a JDLR (just-don't-look-right) message, think twice before opening or forwarding it.

And, as a well-meaning friend or older relative probably told you as a youth, "Don't do anything stupid!" In the cyber world, that's easier said than done.

ONLINE CHAT: Sign up now for a free online chat with benefits and retirement experts Mike Causey and Tammy Flanagan, March 19, at 11 a.m. Tammy, the senior benefits director at the National Institute of Transition Planning, will answer all of your retirement questions. Click here to register today.


NEARLY USELESS FACTOID

Compiled by Jack Moore

McDonalds first rolled out the Shamrock Shake — the mint-flavored seasonal favorite — in 1970 under the name "St. Patrick's Day Shake." In its modern form, the beverage contains 820 calories, equivalent to about 1 and 1/2 Big Macs.

(Source: Huffington Post)


MORE FROM FEDERAL NEWS RADIO

Discrimination contributing to employee training dissatisfaction?
Budget cuts, alone, can't explain employees' sinking satisfaction with training, according to a new analysis prepared by the Tully Rinckey law firm in Washington, D.C., which specializes in federal employment law. As dissatisfaction with training opportunities has intensified in recent years, the number of Equal Employment Opportunity complaints alleging discrimination in training opportunities have also shot upwards, according to the firm's analysis.

What can USPS learn from TRICARE in funding retiree health care costs?
As lawmakers consider efforts to shore up the Postal Service's financial footing, there's still widespread disagreement over whether the current requirement for the agency prefunding requirement is fiscally responsible, as Rep. Blake Farenthold (R-Texas) argued during a House Oversight and Government Reform subcommittee hearing Thursday, or an "onerous mandate" only required of the Postal Service, as Rep. Stephen Lynch (D-Mass.) contended.