Skip to end of metadata
Go to start of metadata

Targeted Phishing Dec 6

On the morning of Friday December 6th, 2013, about 140 people received a targeted phishing message with the subject "New LBL Gmail account."  The message contained a link to a phony login page which captures usernames and passwords when entered and then redirects you to the real Gmail login page.

Phishing Message

Here is what the phishing message looks like:

 

From: IT Help Desk <IThelp@lbl.gov>
Date:
Fri, Dec 6, 2013 at 6:10 AM
Subject:
New LBL Gmail account

Gmail@Berkeley Lab and Calendar service updated.
For instructions on how to access your email, sign in at http//gmail.lbl.gov with your Berkeley Lab Identity (LDAP) username (XXXxxxx) and password.
Access gmail at: http//gmail.lbl.gov/
Updated Gmail@Berkeley Lab includes a refreshed interface with tabs on top and a new inbox web-mail default theme.
The Laboratory's primary email service is Gmail@Berkeley Lab. Gmail supports access via the web interface, IMAP clients, and mobile devices. Gmail is fully integrated into the Google Apps Suite. 
The new employee information page for Google Apps is https//commons.lbl.gov/x/SgveB

Thank you,

IT Division Help Desk, 510-486-4357http://help.lbl.gov

 

Phishing page

Here is a screenshot of the phony login page that the phishing message linked to:

FAQs

Why am I being notified?

You are being notified because according to our logs, you received a copy of the message.  We want to make sure that everyone who received the message understands it is not legitimate.

What if I clicked on the link?

Please contact security@lbl.gov if you believe you entered your username and password on the phishing page, or if you aren't sure.

What have you done to prevent phishing messages?

The Cyber Security Team is constantly watching for these types of phishing messages.  As soon as we were alerted to this message (by a vigilant user) we immediately took steps to block the emails and the web pages included in the message.  We are reaching out to anyone suspected of entering information on the page and we continue to monitor for any additional messages which target Berkeley Lab, UC, DOE or our affiliates.

Questions

If you have any further questions, please write us at security@lbl.gov