It’s NOT the FTC calling about the OPM breach

If you’re an OPM data breach victim, you probably know to look out for identity theft. But what about imposter scams? In the latest twist, imposters are pretending to be the FTC offering money to OPM data breach victims.

Here’s how it works: A man calls and says he’s from the FTC and has money for you because you were an OPM data breach victim. All you need to do is give him some information.

Stop. Don’t tell him anything. He’s not from the FTC.

One fake name the caller used was Dave Johnson, with the FTC in Las Vegas, Nevada. There’s not even an FTC office in Las Vegas. The FTC won’t be calling to ask for your personal information. We won’t be giving money to OPM data breach victims either.

That’s just one example of the type of scam you might see. You may get a different call or email. Here are some tips for recognizing and preventing government imposter scams and other phishing scams

  • Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know to be correct. Never provide financial information by email. 
  • Don’t wire money. The government won’t ask you to wire money or put it on a prepaid debit card. Also, the government won’t ask you to pay money to claim a grant, prize or refund.
  • Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a government agency, even when they are not. Federal agencies will not call to tell you they are giving you money. 

If you’ve received a call or email that you think is fake, report it to the FTC. If it’s an email that relates to the OPM breach, you also can forward it to US-CERT at If you gave your personal information to an imposter, it’s time to change those compromised passwords, account numbers or security questions.

Concerned about identity theft? Visit For more information about the OPM breach, visit OPM’s website.


Like to know

I have received one email from of money my found.

It's so much fraud and you should never give personal information over the phone or online to anyone you don't know. This is a no brainer people.

Thank you for all the information you send on scams....very helpful

Got an e mail from Nigeria..regarding some nonsense about a debit card and a $75.00 dollar fee. Deleted it immediately but now Im concerned. Could the e mail infect my system and steal my data?

Hi nab1110,

Please click on this link for more information. It's also best to not open any unwanted or suspicious emails, and simply delete them to avoid any malware or spyware from potentially getting into your computer.

Thank you.

Anyone see any irony in an anonymous person giving you a link to open to find out more about phishing. I'm sure it's legit, I just found it amusing.

Yes the link it will send you to is legitimate: The link is "HTTP://".

Not really that ironic as all comments are reviewed before being posted. I doubt the FTC would allow a link to a scam to be posted.

I got an email saying CSID was the company providing identity theft protection. How do I know this is an email from OPM CIO as it claims?

The email will come from this address: If you get an email about the breach from a different address, then it’s a scam. Don’t click on any links or provide any personal information.
For more information, please see our previous post, Email from OPM – is it the real deal?

I have received 4 or 5 emails from: support They are asking me to log in and check the alerts. I do not remember if I even signed up with CSID. I remember doing something but it was with OPM. I am really confused now as to what is going on! I just received a new message today so I decided to check it out.

I received an email from a company called CSID stating that my identity was impacted by the OPM security breach. How can I know if this email is from CSID?

I had this fool call me. Give me a BS story. I asked for a address just in case. I then told him I live in Vegas and that address is in a residual part of the city. Hung up. End of game.


since my personnel information was not protected, and now "someone" on the black market has my detailed personnel information. Why do we only get offered 18 months of monitoring from CSID and why can't w pick our own company to monitor our info?

I agree with you. Why should I trust the Government to come up with the best tool to monitor my credit when they failed to protect my personal information in the first place. I pay for my own monitoring.

Received a hard copy letter from CSID, the website asks for a full SSN. Is it legit to provide such information?

If you were affected by the personnel data incident, you have   access to identity theft insurance and full-service identity restoration from CSID.
You can choose to enroll in other services. In general, if you want a company to monitor your accounts or see if anyone is misusing your Social Security number, you have to give the company information about yourself so they know what to check.
You can learn more about what OPM is doing at

Should we also notify the IRS in writing of the ID theft using the IRS form (Form 14039)?

If you know someone misused your personal information, go to to find out what to do right away.
If you know someone misused your information for income tax purposes, look at the "Other Steps" on They tell what to do in case of tax related ID theft. If you have tax related ID theft, you'll prepare the IRS affidavit form 14039.
If you get a notice that your personal information was exposed in a breach, but you haven't seen signs that anyone has misused your information, you wouldn't fill out the IRS affidavit form 14039. This page on tells what to do if your information was exposed in a breach.

Back about 2004 CECOM (I am a civilian) had a breach of PII. This was the first of many to follow, all of which have been government breaches. At that time we were offered credit monitoring for 1yr thru Equifax for all 3 credit bureau's and I continue to pay for this service to this day. Why should I increase this coverage with ID Experts? I am not asking for reimbursed or 3 future years funds. And also why do we have to take the initiative to start the "identity" portion of checks/ monitoring my PII? My opinion is to many companies being provided the information we wish to safeguard to safeguard.
Also, on the clearance background checks possible breach of immediate family/ business and personal acquaintances- only if they are under age 18 will this service be provided? What's up with that?

Go to for the most current information.
The OPM website states that it is offering

  • credit and identity monitoring, identity theft insurance, and identity restoration services for the next three years through ID Experts

to people affected by the background investigations report breach and to their dependent minor children who were under age 18 as of July 1, 2015.

I have been receiving calls from a scammer company trying to get me to pay for a payday loan from 2009. They were able to tell me my SS#, my old banking info and even called my emergency contact to threaten and try to intimidate us into paying the $950. They say they are going to proceed immediately if we do not pay now. It's all a scam and very annoying that they are constantly calling and now calling relatives and making them believe it's legit. They say they are from Global Solutions an arbitration company, African accent, and working with cells phones from different area codes. They will not provide an address but say they have 48 remote locations.

You're right, a scammer may have some of your personal information and use it to try and sound legitimate.
These are useful details for a complaint. Please report this to the FTC at The information goes into a database that law enforcement uses for investigations.

I just wired some money and my bank account information to a lawyer in Nigeria, and I am anxiously waiting for my $25,000,000 to be deposited into my bank account!

If you give someone your bank account number, you make it possible for them to take your money.

Very funny Mr. Brain. I hope no one really thinks you did that.

I just want to confirm that the letter I received from CSID, (supposedly) signed by Donna K. Seymour, Chief Information Officer, US Office of Personnel Management, is legit. I sent an email to OPM back in June, asking this same question, never received a response. Perhaps someone will respond on here.

Suggest you read the OPM pages regarding the services they are providing and by whom. I have used CSID and it is legit. It is not a government office or agency but a contracted information security business.

Thank you.

Go to the website and verify.

My neighbor received a phone call last month, saying it was the IRS, and they were going to sue her. It scared her because she was then working with IRS over a forged refund check . IRS does NOT call individuals for this reason. Former employee

Because of forged check deposited into my account Bank Liberty wants to close my account accusing me of being the one doing it

If someone forged your signature or misused your bank account number, contact your bank's fraud department.
Go to to see what to do when someone steals your personal or financial information.

I would just like a clear answer if information on Federal retirees was compromised - we keep hearing about current employees but what about our data?????

Go to for the most up to date information.  There are also questions and answers on
The OPM site says that in April 2015, OPM discovered that the personnel data of 4.2 million current and former Federal government employees had been stolen. Information including full names, birth dates, home address and Social Security numbers was affected. If you were affected by this, you should have gotten a notice from OPM by now.
OPM also discovered that some background investigation records of current, former, and prospective Federal employees and contractors were stolen. As of today, OPM hasn't started sending notices about the background investigation breach.

What if we've moved since our last investigation was done? How will OPM be able to reach us to let us know and provide us with the information?

Go to for the most current information.
OPM's website says that if you had a background investigation through OPM in 2000 or later, it's very likely that you are impacted by the incident involving background investigations.
As of September 11, 2015,  the OPM site says the Government makes every attempt to verify current mailing addresses of people who were affected. OPM will provide updates on how the verification process will work.
OPM expects to begin notifying people by late September.

So who are all these people giving advice -bridget small etc. Richard Cranium (alias for dick head) is the only one clearly a clown.

Many of the responses are from FTC staff, including cmiranda, ctressler and me (Bridget Small). You'll see that our responses often link to other FTC content and resources.

So who's bright idea was it to place this information where it could be hacked? Was it placed there for convenience? Too much sensitive information is placed where it can be accessed from the internet. Whoever did this needs to be disciplined and owes a lot of people a formal apology at the least.

Even more suspicious since our comments need to be reviewed before posted! Are Identity Theft Solutions LLC doing the reviewing?

OK, reviewed the info they have on my finances. Everything on there is related to credit cards and such. There was nothing on there with checking, savings, or CDs. Is this an oversight by the credit burrows or OPM. If these accounts are supposed to be a part of this protection, then how is that information included in what they are watching? You can use a lot with those accounts above and beyond the credit cards.

Your credit reports have information about where you live, how you pay your bills, your credit and debts, and whether you have ever been sued or filed for bankruptcy. This FTC article about Free Credit Reports explains more. The credit reporting companies sell the information in your report to creditors, insurers, employers, and other businesses that use it to evaluate your applications for credit, insurance, employment, or renting a home.
Credit reports do not typically include information about your checking and savings accounts or your investments. has information for people affected by the data breaches. It includes information about the services available to data breach victims.

Getting this type of Letter..

Anti-Terrorist And Monetary Crimes Division     FBI Headquarters, Washington, D.C.     Federal Bureau Of Investigation     J.Edgar Hoover Building 935 Pennsylvania Avenue, Nw Washington, D.C. 20535-0001

ATTENTION: BENEFICIARY This e-mail has been issued to you in order to Officially inform you that we have completed an investigation on an International Payment in which was issued to you by an International Lottery Company. With the help of our newly developed technology (International Monitoring Network System) we discovered that your e-mail address was automatically selected by an Online Balloting System, this has legally won you the sum of $2.4million USD from a Lottery Company outside the United States of America.

During our investigation we discovered that your e-mail won the money from an Online Balloting System and we have authorized this winning to be paid to you via INTERNATIONAL CERTIFIED BANK DRAFT. Normally, it will take up to 5 business days for an INTERNATIONAL CERTIFIED BANK DRAFT by your local bank. We have successfully notified this company on your behalf that funds are to be drawn from a registered bank within the world winded, so as to enable you cash the check instantly without any delay, henceforth the stated amount of $2.4million USD has been deposited with IMF.

We have completed this investigation and you are hereby approved to receive the winning prize as we have verified the entire transaction to be Safe and 100% risk free, due to the fact that the funds have been deposited with IMF you will be required to settle the following bills directly to the Lottery Agent in- charge of this transaction whom is located in Cotonou, Benin Republic.

According to our discoveries, you were required to pay for the following, (1) Deposit Fee's ( IMF INTERNATIONAL CLEARANCE CERTIFICATE ) (3) Shipping Fee's ( This is the charge for shipping the Cashier's Check to your home address) The total amount for everything is $96.00 We have tried our possible best to indicate that this $96.00 should be deducted from your winning prize but we found out that the funds have already been deposited IMF and cannot be accessed by anyone apart from you the winner, therefore you will be required to pay the required fee's to the Agent in-charge of this transaction

In order to proceed with this transaction, you will be required to contact the agent in-charge ( MR. NICHOLAS SMITH ) via e-mail. Kindly look below to find appropriate contact information: CONTACT AGENT NAME: MR. NICHOLAS SMITH E-MAIL:officeimf    PHONE NUMBER: +229-68690856 You will be required to e-mail him with the following information: FULL NAME: ADDRESS: CITY: STATE: ZIP CODE: DIRECT CONTACT NUMBER: OCCUPATION:

You will also be required to request Western Union or Money Gram details on how to send the required $96.00 in order to immediately ship your prize of $2.4 million USD via INTERNATIONAL CERTIFIED BANK DRAFT from IMF, also include the following transaction code in order for him to immediately identify this transaction : EA2948-910. This letter will serve as proof that the Federal Bureau Of Investigation is authorizing you to pay the required $96.00 ONLY to MR. NICHOLAS SMITH via information in which he shall send to you,

MR. JAMES COMEY Federal Bureau of Investigation F B I Yours in Service, Photograph of Director JAMES COMEY,III JAMES COMEY, III Director      Office of Public Affairs Re: FBI Headquarters, Washington, D.C. (Be Aware!!!)

What is the difference in our CSID coverage and ID Experts coverage? I noticed the terms are different 18 mos vs 3 years yet the coverage seems similar.

OPM has posted questions and answers for people affected by the security breaches.
You can also subscribe for OPM email updates.

If I received a PIN and a letter from the OPM for supposedly more protection for the compromise. Having my 25 digit PIN and my last 4 numbers of my SS# should be enough. I am VERY WARY of then giving my entire address and entire SS# after I have entered my PIN and last 4 digits. If you sent a letter to me, THEN you have my information and you know where I live. I do NOT want to give more info via internet for more compromised availability. Surely our government is not this stupid, compromising more???? Why not give a NEW 25 digit SS# to those compromised???? Do you think this will magically stop AFTER 3 years? They cyber attackers will wait 3 years, use your brains people.

Someone keeps trying to take control of my laptop. Severl times this eveing tey have slowed my typing, taken me to locations I do not want to be and taken contorl of my cursor. Each time, i go to my browser (safari) clear history then go to a cleaner and erase my cache and then ru a scan. I come back and all is normal for a whil and they start again. What is up> Yes I was collected - as a former, fingerprinted, BI person Help. tiockges

I so agree with "they got me." If OPM has contracted with CSID, and I've already entered my PIN and last four, then CSID should already have all the info they need. I got misinformation from the CSID staff with whom I talked ("Oh, no one knows the service is only for three years -- only you know because I told you" -- it's on the OPM site). No one could answer my question re: how "restoration of identity" is legally or contractually defined (and CSID referred me to the OPM site, which has no such info). The Terms and Conditions explicitly state that CSID and their employees are not liable for any loss I suffer due to their negligence or breach of contract. Why has OPM selected this service? Why would OPM assume that three years of coverage is enough when fingerprint technology is still developing? Why would we not be offered new SSNs as "they got me" has suggested? I am deeply disappointed in OPM's response to this security breach that potentially puts me at risk for the rest of my life and not just for the next three years.

I feel "mistrustful" and "they got me" have some valid concerns. When I tried to register with ID Experts by phone they told me my Pin Number issued to me by letter by the OPM was invalid, that the OPM was the source of the problem, and that the OPM should have some info on its site withing 2 weeks and that I should try again then, or, if nothing was posted by OPM, call ID Experts again. I'm beginning to feel mistrustful of OPM and ID Experts at this point, too. I also felt very uncomfortable giving address, full SS number, etc. to ID Experts. Would someone at OPM verify that it is ok for ID Experts to be asking for this info.

My greatest fear is identity theft. Now this can impact my entire life and it won't end in 3 years. I agree with mistrustful and they got me. We need new SSNs.

I got most of the way in the process for "MyID Care Identity registration, before reading the privacy and Terms and Conditions, once i read them I decided not to press the submit button. When I tried to delete or erase the information it would not let me. Now I don't know if the registration went through anyway, with or without my consent!

I too received a letter from OPM, went to web site and entered my pin and last 4 SSN digits. Then they send me to a web site that requests the very information that I was told was hacked. This is the stupidest idea yet. We have no faith in gov't protecting our private information and now they tell us to share it with another group. Who comes up with these ridiculous ideas? My credit card was hacked twice in the last month and once last year. I don't even use credit cards at the gas pumps anymore. What's wrong with this country?

I received a letter last week from OPM stating that my identity might have been compromised in a security breach. I do not work for the goverment; however, at one point I did apply for a background check at a Veterans Hospital because I needed to do my clinical rotations there, then after I also applied to the same hospital for employment. I was never hired but all my info was entered. So is this letter from OPM with the PIN number true? It states that they will monitor my and my minor children credit for 3 years through ID Experts, can anyone tell me if this is scam or is a true letter, thank you.

Go to for the most current information. You'll find copies of the letters that OPM sent and answers to frequently asked questions on that site.

Thank you, yes I went into the OPM website and one of the sample letters looks just like the one they sent me so then that means the letter is legit?

I am a victim of identity theft that occurred after I signed up for my OPM "credit monitoring" due to my notice of personal information breach.The thief has taken everything they had access to my email account and all banking and credit information. I have a police report and complaint filled with FTC. When I check my "SO CALLED" credit monitor shows no alerts at all. Even though all the account information I have listed on my account is all HOT now since the theft. They can not help me because there are no alerts on my account. What good is this system if it does not work as what I thought it should. I feel even more exposed now. VERY DISAPPOINTED with OPM and the lack of support I'm getting with trying to get my Identity back!!!!!!!!!!

I received the standard OPM letter to those in the background investigation group. What is strange is that it is in my maiden name which I have not used since 1974! The only federal contact I had up to that point was applying for a summer civil service job in 1969--no background check that I knew about and no fingerprinting. My second husband, never connected with my maiden name, also received an OPM letter for reasons we can't figure out, since he has never sought or obtained federal employment. Has anyone else received a letter in a name they haven't used in more than four decades???

Yes, Linda! I too received the letter addressed to my maiden name. I have been married for 53 years and was married when I worked for the govt. Minor children covered? Mine are all 40 - 50 yrs old! Why is my husband not covered?

Go to for the most current information. You'll find answers to many questions there.
For example, the OPM site says that if you were affected by the background investigations record breach, your spouse may have been affected too. Some background investigation forms ask for your spouse's SSN. If your form asked for your spouse's SSN, your spouse will get a notification and will be able to sign up for services.

Linda, thank you for posting that..My letter too came to me with my first name and maiden name and at an address I have moved from. this letter wasn't forwarded through the post office. the new tenant at my old place of residence gave it to the property people to give to me...Its interesting. I did apply for a post office position about a month ago but yeah, this is strange...OPM would have my correct married name by now...considering NOT signing up for this and continuing to monitor my own credit...

What about physical security? I now live with fact the numerous foreign governments, ISIS, and criminals have my PII (including address , DOB, SSN...) Is there a process for reimbursement for security systems , firearms ... ? If Finically harmed , you could recover if one of these jokers comes to your house that a different ballgame.

Any advise?

If you have questions about what is covered by the credit and identity monitoring, identity theft insurance, and identity restoration services you enrolled for, you can contact the company that provides the services.

This might not be the place to inform,but it's the most read post available

what about medical records requests dated June 2015 being hand-walked in by someone looking for info on someone else? I was just handed an e-qip version of a medical release SF-86.

This is ridiculous. My identity may have been breached and I receive an email through your system.
The information you provide on your message is convoluted. Meanwhile you make me jump through hoops and leave the issue unresolved for weeks while I wait to hear back from you. With earlier notifications I was able to confirm data, now this runaround? PLEASE advise. I apologize for the tone of this email, but this is highly disconcerting and I am truly sick of this. I hope my info has not been compromised but I will now have more reasons to lose sleep.

I feel sorry for all involved, especially the retired and elderly that may not understand. Does it make sense to post examples of letters and say legit pins are 25 digits? It seems as though scammers could use this info to their advantage to further scam the innocent....???

read all the posts and looks like we no better off than before!!!!!! typical gov B S !!!!

I keep getting notices from that tells me to check in because there has been activity on my accounts. None of the links "log in" etc do NOT work. I think MY ID is a waste of tax payer dollars and is in itself a scam. Trump - forget about Obama and do something productive. Get a refund from these folks!

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.