Berkeley Lab Computer Protection Program: Resources

Emergencies | Site Index | Contact Us


	CPP Home

	Contacts

	Policy Guidelines

	Scan Information

	System Procedures

	Tools & Services

	ALERTS

	Recent CPP Actions

	News & Articles

	CPP Intranet

PROCEDURES FOR SECURING SYSTEMS

SPAM, Phishing, and Hoaxes

Spam
Phishing
Targeting Phishing
Hoaxes

________

Spam

If you get spam, please forward it as an attachment to spam@lbl.gov. Please go here for details.

Some spam messages include instructions for supposedly removing your address from the mailing list. This will purportedly stop spam from that spam source. However, if you follow the instructions, chances are you are only making matters worse. Spammers use the removal replies to confirm addresses to receive even more spam.

Phishing

If you receive a phishing email, please forward it as an attachment to spam@lbl.gov. Please go here for details.

Phishing typically involves attempts to acquire sensitive information, such as usernames or passwords. Phishing attempts frequently attempt to trick you into visiting an invalid website. For example, many phishing attempts redirect you to sites that appear to be eBay, Citibank, or PayPal, but are actually not. The phishers are trying to trick you into typing your username, password and other sensitive information into these invalid website's. The phishers would then steal your username and password to use on the real eBay, Citibank, or PayPal.

Targeted Phishing

If you receive an email that looks suspicious, asks for information or action, and is specifically targeted at you in the context of your affiliation with Berkeley Lab, UCB, UC, or DOE, please forward it as an attachment to cppm@lbl.gov . CPP is interested in anything that falls within the category of "targeted social engineering".

See the social engineering website for more information. http://www.lbl.gov/cyber/guidelines/social-engineering.html

Examples:

Send to spam@lbl.gov Send to cppm@lbl.gov

Paypal Phishing
Email from "the helpdesk" asking for your password

Bank Phishing Email from "UC" asking for your "At Your Service" password

Scams involving foreign accounts (419)

Hoaxes

If you receive a hoax, please forward it to spam@lbl.gov.

While the vast majority of computer security information on the Internet is accurate and useful, there are unfortunately a number of hoaxes circulating as well. For that reason, do not forward others warnings about computer viruses, Trojan horses, or any other Internet danger unless you are sure it is true.

The following website are good resources to determine if a given message is indeed a hoax.

CIAC Hoaxbusters
Snopes.com
Symantec Antivirus Research Center—Virus Hoaxes
F-Secure Corporation Hoax Warnings