
This is not the current EPA website. To navigate to the current EPA website, please go to www.epa.gov. This website is historical material reflecting the EPA website as it existed on January 19, 2021. This website is no longer updated and links to external websites and some internal pages may not work.

Office of Inspector General

Podcast: Phishing at the EPA

September 29, 2017

Al Bailey, a special agent in the EPA OIG's Office of Investigations, discusses a phishing scam at the EPA.


 

Image Gallery: Images associated with podcast

Gallery Image 1: EPA email. This image shows some of the 1,700 EPA emails gathered from the internet by the “phishers.” The EPA is an “open” federal agency, which means a lot of its contact information is readily available and found online.
Gallery Image 2: Phishing email example. This file shows the actual email sent by the “phishers” to EPA employees. It is believed that the misspellings and other errors found in these types of “phishing” emails are deliberate techniques to target vulnerable populations.
Gallery Image 3: Remote log-in page. This file shows the remote log-in page constructed by the “phishers,” which was found on a Mexican newspaper’s website. It looks almost identical to the EPA’s actual log-in page. The “phishers” collected the information that EPA employees entered into this page. Armed with these usernames and passwords, the “phishers” could then access the federal email accounts of those employees and assume their identities.
Gallery Image 4: Captured EPA credentials. This file shows the report that the “phishers” received after the “phished and caught” EPA employees entered their information into the made-up log-in page.
Gallery Image 5: Compromised EPA email. This file shows an actual email between an office supply vendor and the “phishers” using an unwitting EPA employee’s email account.
Gallery Image 6: Invoice of toner order. This file shows an actual invoice for an order of toner placed by the “phishers.” The “phishers” paid for their purchases with credit cards stolen in a separate phishing scam. Note also the valid U.S. address provided for the order. The “phishers” hired unwitting U.S. citizens to serve as shipping intermediaries.
Gallery Image 8: Phishing email sent to bank customers. This file shows a “phishing” email targeting USAA Bank account holders, for the purpose of stealing their financial information.

OIG Independence of EPA

The EPA's Office of Inspector General is a part of the EPA, although Congress provides our funding separate from the agency, to ensure our independence. We were created pursuant to the Inspector General Act of 1978, as amended.

Environmental Protection Agency  |  Office of Inspector General
1200 Pennsylvania Avenue, N.W. (2410T)  |  Washington, DC 20460  |  (202) 566-2391
OIG Hotline: 1-888-546-8740.