TSP officials say few plan members fell for ‘phishing’ scam

Grammatical errors in phony e-mail asking participants to divulge personal information aroused suspicion.

Thrift Savings Plan officials said Monday that they think few people were taken in by an e-mail hoax targeting participants in the 401(k)-style retirement plan for federal employees.

The scam first came to plan administrators' attention last Thursday, when calls began arriving around 2 p.m. regarding a suspicious e-mail, according to a TSP official who asked not to be named. The message guided recipients to a TSP look-alike Web site and sought personal data, including Social Security numbers and TSP personal identification numbers, the official said. Visitors then were prompted for credit card, ATM and account information.

About 500 people called TSP Thursday about the suspicious e-mails, and officials responded around 6 that evening by suspending online transactions on the legitimate Web site, the official said. The FBI was alerted, and users of the TSP site were warned of the scam.

By Friday morning, the link to the fraudulent site no longer worked, the official said, and online access was restored Friday afternoon. The official said online withdrawals and loans initiated since Thursday are being reviewed internally before being processed, with a delay of up to two days expected.

Plan officials said this is the first known "phishing" scam -- in which perpetrators entice users to divulge confidential data by impersonating a legitimate online business -- to target the TSP. They did not know how the perpetrators developed their e-mail distribution list, which included both TSP members and non-members, some of whom had no connection to government employment.

Plan officials emphasized that individuals should never divulge personal, credit or banking information in response to unsolicited e-mails, and noted that the plan does not store participant e-mail addresses.

TSP uses e-mail to communicate with members only in limited circumstances in which the member requests one-time e-mail notification, the plan official said, and would never request credit card information or an ATM number.

Plan participants should have been suspicious on receiving an unsolicited message regarding their account, the official said, though he noted that the page where users were directed to enter their Social Security number closely resembled a legitimate TSP Web page. Grammatical errors on the second page, where credit card information was solicited, should have been a red flag.

"If you see this message means that your account is bloked and u got a notification email," the page read, directing the user to fill in the requested information. "After that u must wait 5 min. and you will can login to your TSP account ; And please don't say user and password to anybody."

The official said that though few participants had reported falling for the trick and divulging personal information, TSP call center staff members are prepared to assist those who did. Affected plan members should call 1-877-968-3778.