Viewable by the world

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Simulated Phishing

In order to raise awareness of current phishing scam tactics, the Berkeley Lab Cyber Security team sends emails to Berkeley Lab employees that simulate real phishing attacks. During the initial phases of this project, simulated phishing emails will only be sent to the list of users who opt-in to receive them. The first few rounds of simulated phishing will be used to establish a baseline of how many users are correctly identifying phishes and reporting them. Simulated phishing emails will redirect to training materials if the recipient clicks on the link in the email. If you would like to help improve Berkeley Lab's phishing awareness and training please opt-in below.

The goal of this simulated phishing campaign is to help you to learn how to spot a phish and report it to the Cyber Security team. Accurately reporting phishing scams can allow the Cyber Security team to alert other employees and block future phishes. 

 

Privacy 

 

Information about individual responses will NOT be shared with supervisors or HR. Passwords will NOT be stored.

Opting in


Simulated phishing emails will be sent only to users that have filled out the Google Form.

 - Click here to fill out the form: https://docs.google.com/a/lbl.gov/forms/d/1CyLC5yKCgwz9bvUOGLrC37zOJ0Vi0Y1EjnU01no5CCE 

What is Phishing?

An important part of this campaign is distinguishing between what is a phishing email, a targeted phishing email, and spam.

 

AttackDescriptionAction you should take
PhishThese are attacks that are carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Most often the emails pretend to be from credible sources such as, financial organizations or online services. These messages often ask you to click on a link, send information via email or fax, or enter credentials into a seemingly legitimate website.Forward to [email protected]
Targeted PhishingThese are attacks that are in the context of your affiliation with Berkeley Lab, UCB, UC, or DOE to steal sensitive data (i.e. usernames, passwords, SSNs). These messages could use names of co-workers, appear to come from LBL email addresses, or directly reference Berkeley Lab employees. These can be very difficult to distinguish from legitimate messages and are important to notify the Cyber Security team about quickly.Forward to [email protected]
SpamThese are unwanted messages but are not asking for sensitive information.Use spam reporting procedures

 

  - For more information on phishing see the Cyber Security Resources page on Spam, Phishing, Targetted Phishing

How do I report a phishing email?

Phishme Reporter for Google Chrome

The tool we are using to send and track simulated phishing emails comes has a Chrome extention called the Phishme Reporter.

This extention adds a button in Gmail 

https://chrome.google.com/webstore/detail/phishme-reporter/dgbbjjedalfdhoeamabpnnepfjaegmop

Reporting for non-Chrome users

Send an email to [email protected] reporting the incident and include the source code of the phishing email as an attachment.  If you do not know how to attach the source code click here to learn how to forward the source code of an email as an attachment: Forward Email As Attachment

Feedback 

In order to improve this program please fill out this form after receiving a simulated phishing email:

https://docs.google.com/a/lbl.gov/forms/d/1mOLv2WmepMK33BW2bHg--oc9kguK1I0_xOX8gDoC2kM/edit?ts=5772e843

Examples of Simulated Phishes (Coming Soon)

 

  • No labels