Scammers have a new tactic: impersonating DOGE


Scammers are impersonating the Department of Government Efficiency in an effort to steal personal information and possibly take advantage of people who believe they’ll receive direct compensation from the Elon Musk-created group’s supposed efforts to cut down on waste, fraud and abuse. 

An email reviewed by Scoop News Group, and subsequently analyzed by experts at the cybersecurity firm Proofpoint, revealed a new scheme in which scammers pose as a DOGE agent in order to steal personal information.

The message was sent to close to 1,800 email addresses and to more than 350 organizations, Proofpoint found. While the effort didn’t appear to be targeted, recipient email accounts were affiliated with colleges and universities, transit entities, and government and other organizations.

“U.S. government impersonation is a very common theme for business email compromise and fraud actors and DOGE … now that it exists, would be part of that, especially for threat actors who had their finger on the pulse of what’s going on, people who are paying attention to what’s in the news, what’s being talked about,” explained Selena Larson, a staff threat researcher at Proofpoint.

The email said it was sent from an Agent Daniels with the “DOGE Coordination Unit,” with the subject line “DOGE Community Access.” It claimed that the recipient had been given a specific ID and an option to message an agent affiliated with DOGE and from a nonexistent “Division of Government & Economic Development.” It appeared to be soliciting support for DOGE’s efforts and directed people to chat on a separate online platform.

After Scoop News Group flagged the email to Proofpoint, analysts at the company were able to interact with the apparent fraudster, whose lure link brought them to a WhatsApp chat, Larson said. The person identified themselves as “your assigned personal agent from the Department of Government Efficiency (DOGE), which has been authorized by the federal government to issue tax refunds to eligible citizens from funds recovered from improper government expenditures.” 

The scammer sent Proofpoint a PDF to fill out for the refund, a move the company assessed was designed to get the recipient to share sensitive personally identifiable information (PII), “which can lead to fraud, impersonation, [and] other follow-on potential activities,” Larson said. IP addresses related to the scheme appeared to be coming from southern Nigeria, Proofpoint found. 

The White House confirmed that the email was not from the government. 

“Federal employees should remain vigilant about spam, phishing attempts, and suspicious messages in their government email accounts,” a spokesperson for the Office of Personnel Management told Scoop News Group. 

“Questionable emails should be reported through the relevant agency’s designated channels and OPM advises all federal employees to avoid clicking on any unknown links or attachments. For more information on cybersecurity best practices, federal workers should visit opm.gov/cybersecurity,” the spokesperson added. 

A spokesperson for the Cybersecurity and Infrastructure Security Agency similarly emphasized that most official government communications will originate from a .gov domain and there are “key actions to verify online communications.” The spokesperson said they were not previously aware of this particular scheme.

“We would like to remind the public of key actions to verify online communications. Be cautious of urgent or emotionally appealing messages, requests for personal or financial information, untrusted shortened URLs, and incorrect email addresses or links,” they said. 

The effort comes amid ongoing attempts to take advantage of confusion over DOGE. Proofpoint researchers have previously caught ransomware attackers impersonating far-right figure Nick Fuentes with terminology related to the group, and other cyber firms have seen the use of other prominent DOGE names. McAfee has also seen a small number of scammers try to exploit people by associating themselves with “DOGE.”

Larson said that Proofpoint has seen other DOGE-related email campaigns as well, mostly with fraud in mind. Larson said one of the messages, supposedly from a “U.S. federal compensation bureau,” reads: “In addition to the U.S. Department of Justice, the FTC, CISA and DOGE have approved compensation of $3 million.”

Adding to confusion is that in the early weeks of DOGE’s efforts, actual government communication from OPM came off as suspicious, leading some federal workers to report the email as spam. DOGE’s website also included a series of security vulnerabilities when launched and was, at one point, susceptible to being edited by the public. 

Written by Rebecca Heilweil and Tim Starks

