In the wake of the disastrous OPM hack, the federal government is issuing email notifications to the 4.2 million federal employees affected by the breach. However, the Army’s firewall erroneously flagged these emails as phishing attempts.

Phishing refers to stealing someone’s personal information by masquerading as an otherwise trustworthy group such as, say, the Office of Personnel Management. Cybersecurity providers such as Norton Security stop phishing attempts by looking for certain red flags and safeguarding your email. Some phishing hints include dubious ‘Enroll Now’ links, requests for personal information and email addresses that don’t match the sender. Phishing is designed to deceive, so it can be difficult to identify without the proper software.

It just so happens that a legitimate OPM email had all those red flags.


To help federal employees monitor their identities, the OPM teamed up with a private company called CSID to send emails and gather their personal information. Mismatched email addresses? Check. Requests for personal info? Check. The words ‘Enroll Now’ emblazoned on the top of the message? Checkity check.
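The three red flags above can be written as a naive content check, which shows why a contractor-sent notice scores exactly like an impersonation. This is an added example, not the Army's filter or any vendor's logic; the message, the `agency.example` and `vendor.example` domains, the phrase lists and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a genuine notice sent by a contractor on an agency's behalf.
# All addresses and domains are placeholders, not taken from the real email.
SAMPLE = """\
From: "Agency Notifications" <notify@vendor.example>
To: employee@army.example
Subject: Important information about the recent incident

Your personal information may have been affected.
Enroll Now: https://enroll.vendor.example/signup
You will be asked for your name, date of birth and Social Security number.
"""

# Illustrative phrase lists (assumptions); real filters use far larger rule sets.
CTA = re.compile(r"\b(enroll|verify|click|sign up)\s+(now|here)\b", re.I)
PII = re.compile(r"social security|date of birth|password|account number", re.I)
URL = re.compile(r"https?://[^\s<>\"]+")

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def red_flags(raw, claimed_domain):
    """Return the red flags a message trips, given the domain of the
    organisation it claims to speak for."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    hosts = [urlparse(u).hostname or "" for u in URL.findall(body)]
    flags = set()
    if not within(addr.rpartition("@")[2], claimed_domain):
        flags.add("sender-mismatch")
    if CTA.search(body) and any(not within(h, claimed_domain) for h in hosts):
        flags.add("enroll-link")
    if PII.search(body):
        flags.add("pii-request")
    return flags

if __name__ == "__main__":
    print(sorted(red_flags(SAMPLE, "agency.example")))
```

The same text sent from the agency's own domain with its own links trips only the personal-information flag, so it is the third-party delivery, not the wording alone, that makes the legitimate notice indistinguishable from a phish to this kind of check.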

The Army grew suspicious and issued a phishing warning through email and Facebook. The warning has since been redacted.