Day after day we see dozens of "official notices" that turn out to be spam or worse, phishing attacks. So how do you tell the difference between what is real and what is a "fake" notice and a spear phishing attack? How does the US Gov't notify an entity that they are the target of an attack, via an email? How about a phone call where the Caller ID shows as unidentified. Does it take a person with an FBI badge showing up to your office and telling you that your company has been targeted for an attack? The next question to ask is, once notified, does that information become public? If you've been hacked and there's been a data breach the first thought of the company might be they have to keep it quiet. But if it was the FBI, DHS or some other three-letter-agency that informed you of the breach, does news about the breach get out to the public?
I'll ask the question again, what does an official notification look like?