The Justice Department has issued a notice of a phishing scam targeting federal employees that is designed to capture Microsoft user credentials by requesting the user to reset a supposedly expired password.

“Numerous government agencies have been targeted, and anyone can easily become a victim,” it says. “The email looks legitimate and includes a URL to link to a spoofed Microsoft screen. This screen appears authentic, but steals the user’s credentials, if the user completes the reset action. Once the credentials are stolen, users are redirected to a legitimate Microsoft website, while attackers begin performing malicious behavior using the stolen credentials.”
“Aside from stolen credentials or installing malware, when employees fall victim to a phishing attack, intellectual property theft can be the most devastating loss of all. Mission critical data, technological enhancements, or research supporting military programs or our legal and justice system can all be compromised by successful phishing attempts,” it says.

It says that federal employees should “take steps to protect yourself and the federal government” by: being on the lookout for suspicious or unsolicited emails, text messages, and phone calls; hovering a cursor over links to see the embedded URL; never providing sensitive personal information via websites, email, or by phone unless secure; and only opening email attachments “you are expecting and know what is contained—open Zip files with caution because malicious content may be enclosed.”

Characteristics of suspicious emails, it says, include: an unknown or unexpected sender and/or attachments; omission of the recipient’s name or inclusion of a part of the name the recipient typically doesn’t use; threats of suspension of an account; an assertion of urgency; and misspellings or incorrect grammar. Employees should immediately report any suspicious email to their system administrator or security operations center, it adds.
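The link-hover advice and the list of characteristics above can be turned into a simple triage check that a mail-security team or help desk could run over a reported message. This is an added example, not code from the Justice Department notice; the sample message, the keyword lists, the known-sender set and the expected Microsoft login domains are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a password-reset lure of the kind the notice describes.
SAMPLE = {
    "from": "it-support@microsoft-reset.example.net",  # constructed sender
    "to_name": "",                                     # recipient name omitted
    "subject": "Action required: your password has expired",
    "attachments": ["account_notice.zip"],
    "html": '<p>Your password expired. Reset it immediately or your account '
            'will be suspended.</p><a href="http://microsoft-reset.example.net'
            '/login">https://login.microsoft.com/reset</a>',
}

# Assumed wordlists for the urgency and suspension indicators (not from the notice).
URGENCY = ("immediately", "action required", "expired", "within 24 hours")
SUSPENSION = ("suspend", "locked", "deactivat")
# Assumed: domains a genuine Microsoft password-reset link would point at.
EXPECTED_LOGIN_DOMAINS = {"microsoft.com", "microsoftonline.com"}
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def registered_domain(url: str) -> str:
    """Crude last-two-labels domain, enough to compare displayed vs real hosts."""
    host = (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def link_mismatches(html: str) -> list:
    """Programmatic 'hover over the link': flag anchors whose embedded URL does not
    go where the displayed text (or an expected login domain) says it goes."""
    hits = []
    for href, text in ANCHOR.findall(html):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        shown_is_url = "." in shown and " " not in shown
        real = registered_domain(href)
        if shown_is_url and registered_domain(shown) != real:
            hits.append((shown, href))
        elif not shown_is_url and real not in EXPECTED_LOGIN_DOMAINS:
            hits.append((shown, href))
    return hits


def phishing_indicators(msg: dict, known_senders: set) -> list:
    """Return the notice's characteristics that this message exhibits."""
    text = (msg["subject"] + " " + re.sub(r"<[^>]+>", " ", msg["html"])).lower()
    found = []
    if registered_domain(msg["from"].split("@")[-1]) not in known_senders:
        found.append("unknown sender")
    if not msg["to_name"]:
        found.append("recipient name omitted")
    if any(a.lower().endswith(".zip") for a in msg["attachments"]):
        found.append("zip attachment")
    if any(w in text for w in SUSPENSION):
        found.append("threat of account suspension")
    if any(w in text for w in URGENCY):
        found.append("assertion of urgency")
    if link_mismatches(msg["html"]):
        found.append("link text does not match embedded URL")
    return found
```

Running `phishing_indicators(SAMPLE, {"example.gov"})` on the constructed message reports all six indicators; a message that trips several of them is the kind the notice says to report to the system administrator or security operations center rather than act on.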