At a meeting last week, it was said that about 1400 of these phishing emails were sent out to LANL managers, and about 400 of them responded. Of those, some actually entered PII (personally identifiable information). The follow-on test will be to send employees thumb drives, CDs, and DVDs to see if they insert them into their computers.
Thanks! The CDs and DVDs make great coasters. Save a few for me. I'll be happy to take all of the thumb drives too. All of the USB ports here at Acme Labs are JB Weld free.
Avoid becoming a target of phishing scams
November 20, 2008
A group of Laboratory employees were attacked last week - cyber-attacked, that is - as part of an effort to test employee awareness about "phishing" scams.
A Laboratory red team conducted a "phishing" attack on some employees. The attack used two different e-mail messages, one from "lans-llc.com" with the subject "LANS Employee Survey," and the other from "employer-rewards.com" with "Congratulations!" in the subject line. The exercise was conducted under the direction of the Chief Information Office.
The e-mails were crafted to appear to be official correspondence, and they asked the employee recipients to click on an embedded link that took them to a Web site, said Maco Stewart of International Research, Analysis, and Technology Development (IAT-1), coordinator of the Lab's Information Security Operations Center. At the Web sites, recipients were prompted to provide additional information to either complete the "survey" or obtain their special gift.
Most employees receiving the e-mails recognized them as scams and either deleted them or reported the phishing attempt to their OCSRs. But some employees did click on the links, said Stewart.
"This type of attack is a common means used by adversaries who attempt to either gather sensitive information or deposit malicious software on the user's system," said Stewart.
Here are some tips to avoid becoming a victim of a phishing scam at work and home:
- Phishing e-mails may contain spelling errors or sound too good to be true. When in doubt, contact an OCSR. Don't click first and ask questions later, as this could compromise both your system and, potentially, other systems on the network.
- A well-configured and patched system is the first line of defense. Contact a system administrator if you are not sure about the state of your system.
- Ensure that your e-mail system does not automatically open any links or images. This is a setting that can be verified under the Options or Preferences menu of the e-mail software.
- Be suspicious of e-mail requests asking for inappropriate information, such as a home e-mail address, Z-numbers, or other personal information. Look for slight irregularities in the address or link, such as lanl.com as opposed to a .gov address.
- Most e-mail software enables the user to "hover" over a link to see whether the true linked destination site is the same as that shown in the blue text.
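The last two tips (check the address for slight irregularities, and hover to see whether the real destination matches the displayed text) can be applied mechanically to an e-mail body. The script below is an added example and is not part of the article or of any Laboratory tool: it parses the anchors in a constructed HTML message modelled on the two lures described above and reports links whose visible text and real destination disagree, hosts that resemble the organisation's name but sit under the wrong suffix, and any other link leaving the trusted domain. The trusted suffix `lanl.gov`, the sample hosts, and the message body are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the organisation's legitimate hosts end in this suffix.
TRUSTED_SUFFIXES = ("lanl.gov",)

# Constructed sample e-mail body, modelled on the two lures the article describes.
# Every host in it is illustrative only.
SAMPLE_BODY = """
<p>Please complete the <a href="http://lans-llc.com/survey">LANS Employee Survey</a>.</p>
<p>Congratulations! Claim your gift at
   <a href="http://employer-rewards.com/claim">https://www.lanl.gov/rewards</a></p>
<p>Policy page: <a href="https://int.lanl.gov/security">https://int.lanl.gov/security</a></p>
<p>Sign in at <a href="http://lanl.com/login">lanl.com</a></p>
"""

# A plausible DNS host name: labels separated by dots, alphabetic top-level label.
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lowercase host of a URL or bare host string; '' if it does not look like one."""
    if "://" not in value:
        value = "http://" + value
    host = (urlparse(value).hostname or "").lower()
    return host if HOST_RE.fullmatch(host) else ""


def is_trusted(host):
    """True when the host is exactly a trusted suffix or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def check_links(html):
    """Return (href, text, reason) for every link a reader should not click blindly.

    'mismatch' : the text shows one host but the link goes to another (the hover check)
    'lookalike': the host contains the organisation's name but is not under a trusted suffix
    'external' : any other link that leaves the trusted domains
    """
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        # Only compare when the displayed text itself looks like a URL or host name.
        shown = host_of(text) if not re.search(r"\s", text) else ""
        if shown and shown != target:
            reason = "mismatch"
        elif is_trusted(target):
            continue
        elif "lanl" in target.replace("-", ""):
            reason = "lookalike"
        else:
            reason = "external"
        findings.append((href, text, reason))
    return findings


if __name__ == "__main__":
    for href, text, reason in check_links(SAMPLE_BODY):
        print(f"{reason:9} {text!r} -> {href}")
```

On the sample body this reports the survey link as external, the rewards link as a text/destination mismatch (the text shows a `lanl.gov` address while the link goes to `employer-rewards.com`), and `lanl.com` as a lookalike; the genuine `int.lanl.gov` link passes. The "external" category is deliberately broad and is meant for sorting a mailbox or triage queue, not for blocking; the host list and suffix would be replaced with the organisation's real ones.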
Employees should forward suspicious e-mails to firstname.lastname@example.org and contact the Cyber Security Incident Response Team (CSIRT) at 5-8641. All information security events or incidents must also be reported to the SIT at 5-3505 during normal business hours or through SOC-Los Alamos after hours at 5-1279.
A list of cyber security contacts is here.