Viewable by the world

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 45 Next »

Simulated Phishing

In order to raise awareness of current phishing scam tactics, the Berkeley Lab Cyber Security team sends emails to Berkeley Lab employees that simulate real phishing attacks. During the initial phases of this project, simulated phishing emails will only be sent to the list of users who opt-in to receive them. The first few rounds of simulated phishing will be used to establish a baseline of how many users are correctly identifying phishes and reporting them. Simulated phishing emails will redirect to training materials if the recipient clicks on the link in the email. If you would like to help improve Berkeley Lab's phishing awareness and training please opt in below.

The goal of this simulated phishing campaign is to help you to learn how to spot a phish and report it to the Cyber Security team. Accurately reporting phishing scams can allow the Cyber Security team to alert other employees and block future phishes. 

Privacy 

Information about individual responses will NOT be shared with supervisors or HR. Passwords will NOT be stored.

Opting in

Simulated phishing emails will be sent only to users that have filled out this .

What is Phishing?

An important part of this campaign is distinguishing between what is a phishing email, a targeted phishing email, and spam.

AttackDescriptionAction you should take
Targeted Phishing

A phishing attack that targets your affiliation with Berkeley Lab, UCB, or DOE to steal
sensitive data (passwords, SSNs, etc). These messages could appear to come from LBL email addresses or reference Lab employees.

Report immediately to [email protected]
PhishingAttacks that are carried out in order to steal passwords, SSNs, and other sensitive
data. These messages often ask you to click on a link, send information, or enter credentials by pretending to be a credible website (such as a bank).		Report to [email protected]
SpamThese are unwanted messages but are not asking for sensitive information.Good to update spam filters by using our 
 

How do I report a phishing email?

Report with Phishme Reporter 

If you have this Chrome extension, just select the email that you suspect is a phish and click the Phishme Reporter button.

  2. Click "Add to Chrome".
  3. Click "Add Extension" when the popup asks if you want to "Add Phishme Reporter?"
  4. The first time you use the button it will request permission to send email as you. This is necessary to send your report to [email protected].

The Phishme Reporter simplifies the reporting process by adding a button in Gmail that appears when an email is selected or opened. When clicked, it forwards the source code of the email to the Cyber Security team. The button is also connected to the tool we are using to send and track simulated phishing emails and will notify you if you have correctly identified a simulated phishing email.

Report by forwarding the email 

Send an email to [email protected] reporting the incident and include the source code of the phishing email as an attachment.  If you do not know how to attach the source code click here to learn how to forward the source code of an email as an attachment: 

Feedback 

In order to improve this program please fill out this form after receiving a simulated phishing email: 

Examples of Simulated Phishes (Coming Soon)

 

  • No labels