It’s NOT the FTC calling about the OPM breach

No individual, business or government entity is solely responsible for securing the Internet. Everyone has a role in securing their part of cyberspace, including the devices and networks they use.— Graphic by Shutterstock.com
— Graphic by Shutterstock.com

By Lisa Weintraub Schifferle, Attorney, FTC, Division of Consumer and Business Education

If you’re an OPM data breach victim, you probably know to look out for identity theft. But what about imposter scams? In the latest twist, imposters are pretending to be the FTC offering money to OPM data breach victims.

Here’s how it works: A man calls and says he’s from the FTC and has money for you because you were an OPM data breach victim. All you need to do is give him some information.

Stop. Don’t tell him anything. He’s not from the FTC.

One fake name the caller used was Dave Johnson, with the FTC in Las Vegas, Nevada. There’s not even an FTC office in Las Vegas. The FTC won’t be calling to ask for your personal information. We won’t be giving money to OPM data breach victims either.

That’s just one example of the type of scam you might see. You may get a different call or email. Here are some tips for recognizing and preventing government imposter scams and other phishing scams:

  • Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know to be correct. Never provide financial information by email.
  • Don’t wire money. The government won’t ask you to wire money or put it on a prepaid debit card. Also, the government won’t ask you to pay money to claim a grant, prize or refund.
  • Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a government agency, even when they are not. Federal agencies will not call to tell you they are giving you money.

If you’ve received a call or email that you think is fake, report it to the FTC at www.ftc.gov. If it’s an email that relates to the OPM breach, you also can forward it to US-CERT at phishing-report@us-cert.gov. If you gave your personal information to an imposter, it’s time to change those compromised passwords, account numbers or security questions.

Concerned about identity theft? Visit www.identitytheft.gov/info-lost-or-stolen.html. For more information about the OPM breach, visit www.opm.gov/cybersecurity.