Think twice when you get email.
Phishing emails from banks and commercial websites are common, but sometimes a phishing email can be targeted at you more directly. Whether it appears to be from LBL, from a collaborator, or from DOE, emails can be convincingly forged. Knowing the sender is not sufficient to ensure that the email is safe.
If the email contains a link to another site...
If the email contains a link to another site, make sure it goes to the site you think it does. Place your mouse over the link in the email: does it go to the place you think it should, or does the link contain numbers? Is the link a misspelling of a real domain? If you're in doubt, try typing the name of the site into your browser instead of following the link. And as always, forward suspicious email to cppm@lbl.gov.
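The same three hover checks can be run automatically over an HTML message body. The sketch below is an added example, not an LBL tool; the `TRUSTED` list, the 0.8 similarity threshold, and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"lbl.gov", "energy.gov"}  # assumption: domains you expect links to use
SAMPLE = ('<a href="https://www.lbl.gov/news">www.lbl.gov</a>'  # constructed mail body
          '<a href="http://192.0.2.10/login">https://www.lbl.gov</a>'
          '<a href="https://lbll.gov/reset">Reset your password</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered(host):  # naive last-two-labels; real tools use the Public Suffix List
    return ".".join(host.rstrip(".").split(".")[-2:])
def shown_host(text):  # host named by the visible text, if it looks like a site
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname
def check_link(href, text):
    host, warnings = urlsplit(href).hostname or "", []
    try:
        ipaddress.ip_address(host)       # "does the link contain numbers?"
        dest = host
        warnings.append("numeric-host")
    except ValueError:
        dest = registered(host)          # "a misspelling of a real domain?"
        if dest not in TRUSTED and any(
                SequenceMatcher(None, dest, t).ratio() >= 0.8 for t in TRUSTED):
            warnings.append("lookalike-domain")
    shown = shown_host(text)             # text names one site, link goes elsewhere
    if shown and registered(shown) != dest:
        warnings.append("text-mismatch")
    return warnings
def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

An empty warning list only means none of these three checks fired; it does not mean the link is safe.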
If the email contains an attachment...
If the email contains an attachment and you don't expect it, DON'T CLICK! Even seemingly harmless things like Word documents can contain malicious code. Send the email to cppm@lbl.gov. If you're suspicious and you can't safely delete the email (after forwarding it to cppm), use other techniques to validate the email, such as calling the sender (after you've verified their identity).
It has happened here:
Just last year, a well-written email was sent to twenty LBL employees claiming to be from "The View" telling the employee that they had been selected to be featured in an interview. The email contained a PDF attachment that claimed to contain a questionnaire to fill out - but in fact, the PDF exploited a previously undisclosed vulnerability in Acrobat. A large percentage of the recipients assumed it was a scam and forwarded it to cppm - kudos to them. It's important to always keep in mind that the next email could be a well-designed scam.