Computer Protection Program Berkeley Lab
Computer Protection Program at Berkeley Lab Security
Ernest Orlando Lawrence Berkeley National Laboratory
Emergencies | Site Index | Contact Us
CPP Home
Contacts
Policy Guidelines
Scan Information
Training
System Procedures
Tools & Services
Recent CPP Actions
CPP Intranet
 
 
  PROCEDURES FOR SECURING SYSTEMS  
SPAM, Phishing, and Hoaxes  

________

Spam

If you receive spam, please use our spam reporting procedures to send the spam to our anti-spam vendors, thus improving the service going forward.

Some spam messages include instructions for supposedly removing your address from the mailing list. This will purportedly stop spam from that spam source. However, if you follow the instructions, chances are you are only making matters worse. Spammers use the removal replies to confirm addresses to receive even more spam.

Phishing

If you receive a phishing email, also use our spam reporting procedures to send the spam to our anti-spam vendors, thus improving the service going forward.

Phishing typically involves attempts to acquire sensitive information, such as usernames or passwords. Phishing attempts frequently attempt to trick you into visiting an invalid website. For example, many phishing attempts redirect you to sites that appear to be eBay, Citibank, or PayPal, but are actually not. The phishers are trying to trick you into typing your username, password and other sensitive information into these invalid website's. The phishers would then steal your username and password to use on the real eBay, Citibank, or PayPal.

Targeted Phishing

If you receive an email that looks suspicious, asks for information or action, and is specifically targeted at you in the context of your affiliation with Berkeley Lab, UCB, UC, or DOE, please forward it as an attachment to cppm@lbl.gov .    CPP is interested in anything that falls within the category of "targeted social engineering". 

See the social engineering website for more information.  http://www.lbl.gov/cyber/guidelines/social-engineering.html

Examples:

Send to spam@lbl.gov Send to cppm@lbl.gov

Paypal Phishing

Email from "the helpdesk" asking for your password
Bank Phishing Email from "UC" asking for your "At Your Service" password
Scams involving foreign accounts (419)  

Hoaxes

If you receive a hoax, please forward it to spam@lbl.gov.

While the vast majority of computer security information on the Internet is accurate and useful, there are unfortunately a number of hoaxes circulating as well. For that reason, do not forward others warnings about computer viruses, Trojan horses, or any other Internet danger unless you are sure it is true.

The following website are good resources to determine if a given message is indeed a hoax.

CIAC Hoaxbusters
Snopes.com
Symantec Antivirus Research Center—Virus Hoaxes
F-Secure Corporation Hoax Warnings

 

 

 
 

Home | Contacts | Policy Guidelines | System Procedures | Tools & Services | ALERTS | News & Articles