In order to raise awareness of current phishing scam tactics, the Berkeley Lab Cyber Security team will begin sending emails to the Berkeley Lab employees that simulate real phishing attacks. During the initial phases of this project, simulated phishing emails will only be sent to the list of users who opt-in to receive them. The first few rounds of simulated phishing will be used to establish a baseline of how many users are correctly identifying phishes and reporting them. Simulated phishing emails will redirect to training materials if the recipient clicks on the link in the email. If you would like to help improve Berkeley Lab's phishing awareness and training please opt-in below.
The goal of this simulated phishing campaign is to help you to learn how to spot a phish and report it to the Cyber Security team. Accurately reporting phishing scams can allow the Cyber Security team to alert other employees and block future phishes. Information about individual responses will NOT be shared with supervisors or HR.
What is phishing?
An important part of this campaign is distinguishing between what is a phishing email, a targeted phishing email, and spam.
Phishing: These are attacks that are carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Most often the emails pretend to be from credible sources such as, financial organizations or online services. These messages often ask you to click on a link, send information via email or fax, or enter credentials into a seemingly legitimate website.
Targeted phishing: These are attacks that are in the context of your affiliation with Berkeley Lab, UCB, UC, or DOE to steal sensitive data (i.e. usernames, passwords, SSNs). These messages could use names of co-workers, appear to come from LBL email addresses, or directly reference Berkeley Lab employees. These can be very difficult to distinguish from legitimate messages and are important to notify the Cyber Security team about quickly.
Spam: These are unwanted messages but are not asking for sensitive information.
For more information on phishing see the Cyber Security Resources page on Spam, Phishing, Targetted Phishing
Opting in
Simulated phishing emails will be sent only to members of the [email protected] mailing list.
- Click here to subscribe: https://lists.lbl.gov/sympa/subscribe/simulated-phishing
What should I do when I see a phishing email?
Report the email to [email protected] and save the source code of the phishing email as an attachment.
- Click here to learn how to forward the source code of an email as an attachment: Forward Email As Attachment
Examples of Simulated Phishes (Coming Soon)
