TSP Phishing Scam?



tsptalk
03-12-2014, 06:08 PM
I'm passing this along from a post on our Facebook Page (https://www.facebook.com/tsptalk/posts/715231401850957):


Hello TSP Talkers,

Have any of you recently received an email from someone purporting to be the TSP? This is a phishing scam. We're doing a story and I'm looking for feds who got these fake emails. Please contact me? Lisa.Rein at(@) washpost dot com. Thank you so much.

Lisa Rein

nnuut
03-12-2014, 10:26 PM
Not me, thanks Tom!

tsptalk
03-13-2014, 09:07 AM
I was going to point Lisa to this thread but it sounds like nobody has received one of these emails?

jpcavin
03-13-2014, 09:17 AM
I was going to point Lisa to this thread but it sounds like nobody has received one of these emails?

Is Lisa legit or is she phishing for our emails? :notrust:

tsptalk
03-13-2014, 09:26 AM
The real question is: are you legit? Only someone this suspicious would think of something so devious. jk, but just in case: who won the 1941 World Series? :D


She appears to be real. The Facebook page she sent her request from looks legit. https://www.facebook.com/lisa.rein.18/about

USDA budget includes more funding for broadband access to rural communities (http://www.washingtonpost.com/blogs/federal-eye/wp/2014/03/04/usda-budget-includes-more-funding-for-broadband-access-to-rural-communities/)

jpcavin
03-13-2014, 09:36 AM
The real question is: are you legit? Only someone this suspicious would think of something so devious. jk, but just in case: who won the 1941 World Series? :D


She appears to be real. The facebook page she sent her request from looks legit. https://www.facebook.com/lisa.rein.18/about

USDA budget includes more funding for broadband access to rural communities (http://www.washingtonpost.com/blogs/federal-eye/wp/2014/03/04/usda-budget-includes-more-funding-for-broadband-access-to-rural-communities/)

NY Yankees.....:laugh: Brooklyn Dodgers lost. If she tells ya otherwise, I'd be suspicious :D

I posted too soon. I checked out the Washington Post and both her emails are in there. :embarrest:

Reinl
03-13-2014, 12:19 PM
[QUOTE=tsptalk;447024]The real question is: are you legit? Only someone this suspicious would think of something so devious. jk, but just in case: who won the 1941 World Series? :D


She appears to be real. The facebook page she sent her request from looks legit. https://www.facebook.com/lisa.rein.18/about[/QUOTE]

Reinl
03-13-2014, 12:20 PM
Hi all, I am legit, although I don't know who won the 1941 World Series, sorry! To the person who wondered if I'm legit--did you or anyone you know get the TSP phishing email? Thanks so much for helping me with this. Lisa

jpcavin
03-13-2014, 12:38 PM
Hi all, I am legit, although I don't know who won the 1941 World Series, sorry! To the person who wondered if I'm legit--did you or anyone you know get the TSP phishing email? Thanks so much for helping me with this. Lisa

Welcome to TSPTalk, Lisa :D No, I didn't get any phishing emails and don't know anyone else that has.

JTH
03-13-2014, 12:49 PM
Updated 24 Feb 2014 on the TSP website: Phishing, E-mail Scams, and Bogus Websites (https://www.tsp.gov/whatsnew/plan/planNews.shtml#phishing)

James48843
05-12-2014, 10:23 AM
More information on that Phishing scam back in Feb and March:



Thrift Savings Plan officials went into damage control mode in February when a stranger appropriated the TSP trademark and propped up a fake federal retirement fund website for a phishing scheme. Internal emails reveal that officials governmentwide struggled for two weeks to positively identify the perpetrator.

It turned out the bogus email campaign was innocuous -- part of an Army cybersecurity training exercise. But nobody bothered to tell TSP. Now the agency is buying brand management software and changing password requirements (http://www.nextgov.com/cybersecurity/cybersecurity-report/2014/05/feds-you-need-fix-your-tsp-passwords/83965/) to make sure friends or foes don't do this again.

Officials at TSP, which suffered a real breach (http://www.govexec.com/magazine/features/2013/09/beyond-breach/69791/) in 2011 that compromised the identities of 123,000 retirement savers, have some experience in threat containment. The agency's chief information security officer and others saw the messages spreading online around Feb. 19 and quickly traced the hoax back to an Army server and confronted Defense Department officials with their findings.

"Everything is intentionally fake. Street is MyStreet, organization is MyOrg," TSP CISO John Ramsey said in an email, while trying to pinpoint the culprit with his colleagues. "I will give their CISO the politically 'what for' for not coordinating with us first."

Nextgov obtained his messages and other internal correspondences through an open records request.

The sham emails were sent by accountservices@tspgov.us and contained the subject head, "Thrift Saving Plan Alert: Passcode Reset;" and urged recipients to verify changes made to their accounts by visiting "www.tspgov.us (http://www.tspgov.us/)." The message quickly went viral among participants of the retirement plan, which serves 4.6 million federal employees and retirees.

The purpose of the bungled phishing drill, first reported in March by a number of news outlets, was to test whether troops would divulge their credentials.
The Pentagon, for its part, took 13 days, from Feb. 11 to Feb. 24, trying to confirm the Army was to blame.







What a disaster. TSP was spoofed, and didn't say anything to members. I bet a lot of folks went and changed their passwords too. Yuk.


More: It Took Feds 13 Days to Unravel a TSP Cyber Hoax Perpetrated by... Feds - Nextgov.com (http://www.nextgov.com/cybersecurity/2014/05/it-took-feds-13-days-unravel-tsp-cyber-hoax-perpetrated-feds/84061/?oref=river)