Justice orchestrates TSP hoax to test employees on security
Department did not coordinate with TSP’s oversight board when it sent a phony e-mail to employees asking for personal information.
A hoax involving the Thrift Savings Plan that was designed to test Justice Department employees' vulnerability to Internet scams was not coordinated with the Federal Retirement Thrift Investment Board, a TSP spokesman said on Friday.
"We went into full battle mode on Monday, put information up on our Web site as soon as we had it to warn people about it," said Tom Trabucco, director of external affairs for the board.
The ruse, orchestrated by Justice, offered employees bailouts if the value of their Thrift Savings Plan had fallen 30 percent in recent months.
According to the Associated Press, the phony e-mail initially was sent by Justice to its employees two weeks ago, giving them a Jan. 31 deadline to provide personal information that might help them recover money they lost as the value of TSP funds plummeted along with the stock markets. The TSP board did not learn until Jan. 28 that the e-mail was a hoax crafted by the department as a security test, and not a genuine phishing scheme, Trabucco said.
By then TSP administrators already had made numerous efforts to prevent the scam from spreading. They worked with the Homeland Security Department's Computer Emergency Readiness Team to trace the Web site to which the e-mail directed recipients, and then asked a TSP contractor to shut down the site. When the contractor could not close the site, they deactivated it, and monitored the site every 20 minutes to see whether information was being collected.
When TSP officials discovered that Justice, rather than a criminal or commercial entity, was responsible for the e-mail, they took down warnings from the TSP's Web site. But Trabucco said that as late as 11:01 a.m. on Friday, the General Services Administration had e-mailed his office to warn the board about the hoax, suggesting that word of the scam had spread beyond Justice and continued to cause concern.
"If you're going to do something like this, it needs to be coordinated, so when it's done, it can be shut down," Trabucco said, though he declined to criticize Justice specifically. "What I have heard is that DoJ or Bureau of Prisons sent out an e-mail on Wednesday about this to their employees, but it had spread beyond Justice, and I don't know how they're going to deal with that."