[All_jlab_accounts] Important information regarding spam & phishing attacks

deborah magaldi magaldi at jlab.org
Fri Jul 25 14:33:56 EDT 2014 

Please read the following to help protect Jefferson Lab and your own 
personal information and our information technology systems.

Important Highlights:

.Just clicking on a link can result in the compromise of your account, 
computer, or information.

.Before you click on a link or enter any information into a web site, 
always verify the location by mousing over the link or reviewing the URL 
bar in your web browser.

.Providing your JLab username/password to non-JLab web sites is never 
acceptable, and can result in account compromise or data loss.

Jefferson Lab email accounts have received multiple phishing emails over 
the past three days. These phishing emails ranged from claiming to have 
information from the Helpdesk, to notification of password expiration 
and the need to reconfirm your laboratory computer account. Although the 
link supplied in the email messages was clearly not a JLab web site, the 
text for the link obscured that fact and the web site itself used JLab 
logos and other identifying features to make it look legitimate.

JLab received about 1000 phishing emails and over 80 JLab computer 
account holders (also known as users) clicked on the link in the email. 
Of the 80 users that clicked on the link, at least 11 provided their 
JLab credentials. This phishing attack had about an 8 percent click-rate 
and a 1 percent success rate -- a fairly high fraction relative to 
previous phishing attacks at Jefferson Lab.

Fortunately for this particular attack, we were able to determine the 
names of those who supplied their JLab credentials or who clicked on the 
link from JLab, as well as those who called the helpdesk to report 
having clicked on the link. This helped to limit the damage, by allowing 
the helpdesk to disable or change the passwords for those accounts 
immediately. If you ever find that you have supplied your JLab 
credentials to a non-JLab resource, please report this to the helpdesk 
and change your password immediately.

Phishing attacks like this one can cause significant disruption to an 
individual or to the laboratory, and could potentially compromise 
sensitive information. In many cases, recovery from an infected web site 
can impact lab business, or require helpdesk support, so it is critical 
that you report if your credentials have been compromised. Please take a 
moment to consider best practices for web browsing and general 
protection of your JLab password.

Even just clicking on a link can result in malware being installed on 
your system or a zero-day vulnerability being exploited, both of which 
allow a hacker to gain access to your computer and JLab computing 
resources. Never click on a link you are unfamiliar with. When you 
receive any type of email with a link in it, the actual link location 
may not match the text that is shown on the screen. Take a couple of 
steps to ensure that you know where the link will actually take you. 
Hover over the link with your mouse before you click on it. Email 
clients and web browsers will tell you the actual location, usually in 
the bottom left of the screen. In the Zimbra web client, you will also 
see this right under your mouse pointer.

In general, only visit web sites that you are familiar with -- those 
that you have visited before or that are well known. If you are using a 
search engine to find information or following links from other web 
pages, take a moment before you click on any link to look at the actual 
URL. If it seems suspicious, it probably is.

When being asked for your username/password, always be sure that the 
page you are on is a Jefferson Lab resource. Does the domain name in the 
URL (uniform resource locator) end with "jlab.org"? If not, then it's 
not a Jefferson Lab resource -- don't supply your credentials. For 
reference, the parts of a URL are:protocol://hostname.domain_name/file_path

For example: http://www.jlab.org/search/index.html (jlab.org is the 
domain name)

Forward all spam, especially phishing attacks, to spam at jlab.org. This 
will allow the IT Division to deploy preventative measures, such as web 
site blocks or email filtering, to help mitigate potential damage.

For more helpful information, visit the Computer Center web site at 
cc.jlab.organd review the phishing/spam resources provided.


/This message is being sent on behalf of Jefferson Lab's Computer Center 
and Information Technology Division./


Regards,
Deb Magaldi
Public Affairs
Jefferson Lab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.jlab.org/pipermail/all_jlab_accounts/attachments/20140725/41e94e46/attachment-0001.html

More information about the All_jlab_accounts mailing list