Skip to end of metadata
Go to start of metadata

Targeted Phishing 2014-12-05

On the morning of Friday December 5th, 2014, about 280 people received a targeted phishing message with the subject "Account Update Needed"  This message appears to originate from "Lawrence Berkeley National Laboratory <portal@lbl.gov>" . The message contained a link to a phony login page which captures usernames and passwords when entered and then redirects you to the real Gmail login page. 

Phishing Message

Here is an example of the phishing message.

Phishing page

The link in the email message goes to the following page, which looks a lot like the real Berkeley Lab login page. But note the URL is emorioroshop.com.br. This page would steal your login credentials. 

FAQs

Why am I being notified?

You are being notified because according to our logs, you received a copy of the message.  We want to make sure that everyone who received the message understands it is not legitimate.

What if I clicked on the link?

Please contact security@lbl.gov if you believe you entered your username and password on the phishing page, or if you aren't sure.

What have you done to prevent phishing messages?

The Cyber Security Team is constantly watching for these types of phishing messages.  As soon as we were alerted to this message (by a vigilant user) we immediately took steps to block the emails and the web pages included in the message.  We are reaching out to anyone suspected of entering information on the page and we continue to monitor for any additional messages which target Berkeley Lab, UC, DOE or our affiliates.

Questions

If you have any further questions, please write us at security@lbl.gov