U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Podcast: Phishing at the EPA

September 29, 2017

Al Bailey, a special agent in the EPA OIG's Office of Investigations, discusses a phishing scam at the EPA.

Podcast: Phishing (mp3)


 

More Podcasts: Listen to our staff talk about their latest audit reports, investigative functions and other initiatives.

Image Gallery: Images associated with podcast (click to enlarge)

Gallery Image 1: EPA email
This image shows some of the 1,700 EPA emails gathered from the internet by the “phishers.” The EPA is an “open” federal agency, which means a lot of its contact information is readily available and found online.
Gallery Image 2: Phishing email example
This file shows the actual email sent by the “phishers” to EPA employees. It is believed that the misspellings and other errors found in these types of “phishing” emails are deliberate techniques to target vulnerable populations.
Gallery Image 3: Remote log-in page
This file shows the remote log-in page constructed by the “phishers,” which was found on a Mexican newspaper’s website. It looks almost identical to the EPA’s actual log-in page. The “phishers” collected the information that EPA employees entered into this page. Armed with these usernames and passwords, the “phishers” could then access the federal email accounts of those employees and assume their identities.
Gallery Image 4: Captured EPA credentials
This file shows the report that the “phishers” received after the “phished and caught” EPA employees entered their information into the made-up log-in page. 
Gallery Image 5: Compromised EPA email
This file shows an actual email between an office supply vendor and the “phishers” using an unwitting EPA employee’s email account. 
Gallery Image 6: Invoice of toner order
This file shows an actual invoice for an order of toner placed by the “phishers.” The “phishers” paid for their purchases with credit cards stolen in a separate phishing scam. Note also the valid U.S. address provided for the order. The “phishers” hired unwitting U.S. citizens to serve as shipping intermediaries.  
Gallery Image 7: Phishing email sent to personal emails
This file shows a “phishing” email sent to personal email accounts, like Hotmail and Yahoo. 
Gallery Image 8: Phishing email sent to bank customers
This file shows a “phishing” email sent targeting USAA Bank account holders, for the purpose of stealing their financial information.