Phishing continues to target the Berkeley Lab community through fake emails and text messages. These attacks can be difficult to recognize because they often impersonate colleagues. It’s critical for Lab colleagues to understand the latest phishing tactics to protect Berkeley Lab. Below are three common types of phishing attacks we’ve seen at the Lab, with key ways to tell if a message is a phishing attempt.
1. SMS Phishing
Phishing has expanded beyond email and now commonly occurs via text messages. SMS phishing allows attackers to bypass email filters and often involves messages pretending to be from banks, delivery services, or well-known companies. These phishing attempts typically include malicious links that direct victims to fake websites or install malware.
How to Spot It:
- The SMS appears to be from someone you know, but it comes from a new phone number.
- The message contains a suspicious or shortened link that doesn’t match the official website of the company.
- The text offers something that seems too good to be true, like a free gift or an urgent need to fix an account issue.
- The message asks for personal or financial information, such as passwords or account details.
Recommended Actions:
- Don’t click on any links in unexpected texts or emails.
- Contact the person or company directly through their official website or customer service number to verify any suspicious claims.
2. Impersonation of Colleagues and Supervisors
One of the most effective phishing tactics involves impersonating trusted colleagues or supervisors. Attackers often research public information to mimic the identities of colleagues, making their emails appear more legitimate. Attackers typically include personal information, such as job titles and even email signatures, to make the messages seem authentic.
How to Spot It:
- The sender’s email address does not match the official domain (e.g., @lbl.gov).
- The message feels urgent or unusual, especially if it involves requests for personal tasks or purchases.
- The sender avoids phone communication, claiming to be unavailable for a call.
Recommended Actions:
- If you receive an unexpected or suspicious request, contact the person directly using a known phone number or official email.
- Never respond to time-sensitive requests that involve personal tasks or purchases without thorough verification.
- Report suspicious emails to security@lbl.gov and mark the email as phishing in your Gmail account.
3. Fake Invoices
Another phishing type frequently targeting Lab employees involves fake invoices sent via email, claiming charges for services or subscriptions. Attackers impersonate well-known tech companies like Geek Squad, Norton, or McAfee, attempting to convince recipients they’ve been charged for a service. They hope the recipient will panic and call a provided phone number, where sensitive information is then requested.
How to Spot It:
- The sender’s email address is from a suspicious, non-company domain (e.g., a Gmail account instead of a company’s official domain).
- The message contains obvious grammatical errors, missing punctuation, or improper formatting.
- The invoice is unexpected or the greeting is generic (e.g., “Dear Customer”).
- The email provides a phone number that does not match the official contact number of the company.
Recommended Actions:
- Don’t call the number in the email. Instead, visit the company’s official website to verify the invoice and customer service information.
- Mark the email as spam, and report it to security@lbl.gov if you suspect a phishing attempt.
- Keep an eye out for red flags like generic greetings, grammatical errors, and incorrect sender addresses.
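The red flags listed under all three sections above (an external sender domain, a known colleague's name on an outside address, a mismatched Reply-To, shortened or off-domain links, urgency wording, purchase requests, generic greetings, and an invoice that asks you to call a number) can be turned into a simple triage check that a help desk or security team runs over reported messages. The script below is an added example written for this article, not a Berkeley Lab tool. The trusted-domain list (lbl.gov comes from the article), the staff directory, the keyword lists, and the three sample messages are all constructed for illustration; the phone number uses the reserved 555-01xx range.

```python
"""Heuristic phishing triage over raw RFC 822 messages.

Each check corresponds to one "How to Spot It" indicator from the article.
Constructed assumptions: TRUSTED_DOMAINS, KNOWN_STAFF, the keyword lists
and the sample messages at the bottom are illustrative, not real data.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr

TRUSTED_DOMAINS = {"lbl.gov"}                       # assumption: the Lab's own domain
KNOWN_STAFF = {"jane doe"}                          # assumption: a directory of colleague names
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}
URGENCY = ("urgent", "immediately", "right away", "within 24 hours", "asap")
PURCHASE = ("gift card", "purchase", "wire transfer")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued")
INVOICE_WORDS = re.compile(r"invoice|charged|subscription|renew")
URL_RE = re.compile(r"https?://([^\s/]+)", re.IGNORECASE)
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address header value ('' if absent)."""
    _, email_addr = parseaddr(addr)
    return email_addr.rpartition("@")[2].lower()


def in_domains(host: str, domains) -> bool:
    """True if host equals or is a subdomain of any entry in domains."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(raw: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return the red-flag labels found in one raw message (empty = no flags)."""
    msg = Parser(policy=policy.default).parsestr(raw)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = body.lower()
    flags = []

    # Section 2/3: sender address is not on the official domain.
    sender_domain = domain_of(msg.get("From", ""))
    if sender_domain not in trusted:
        flags.append("sender-domain-external")

    # Section 2: a colleague's name on an outside address.
    display_name, _ = parseaddr(msg.get("From", ""))
    if sender_domain not in trusted and display_name.lower() in KNOWN_STAFF:
        flags.append("display-name-impersonation")

    # Replies would go somewhere other than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != sender_domain:
        flags.append("reply-to-mismatch")

    # Section 1: shortened links, or links that do not match the sender's site.
    hosts = [h.lower().split(":")[0] for h in URL_RE.findall(body)]
    if any(h in SHORTENERS for h in hosts):
        flags.append("shortened-link")
    if any(h not in SHORTENERS and not in_domains(h, trusted | {sender_domain})
           for h in hosts):
        flags.append("link-off-domain")

    # Sections 1 and 2: urgency and personal purchase requests.
    if any(w in text for w in URGENCY):
        flags.append("urgency-wording")
    if any(w in text for w in PURCHASE):
        flags.append("purchase-request")

    # Section 3: generic greeting and a "call this number" invoice.
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic-greeting")
    if PHONE_RE.search(body) and INVOICE_WORDS.search(text):
        flags.append("invoice-callback-number")
    return flags


# Constructed sample messages (not real reports).
SAMPLE_IMPERSONATION = """\
From: Jane Doe <jane.doe.lab@gmail.com>
Reply-To: jdoe.private@outlook.com
To: staff@lbl.gov
Subject: Quick favor

Are you available? I need you to purchase some gift cards right away.
I'm in a meeting and can't take calls.
"""

SAMPLE_INVOICE = """\
From: Billing Dept <billing.renewal@gmail.com>
To: staff@lbl.gov
Subject: Invoice #88231

Dear Customer, your annual subscription has been renewed and your card was
charged $349.99. To cancel, call +1 (555) 010-2233 within 24 hours or visit
http://bit.ly/cancel-now
"""

SAMPLE_INTERNAL = """\
From: Jane Doe <jdoe@lbl.gov>
To: staff@lbl.gov
Subject: Agenda

Hi, the agenda for Thursday is posted at https://www.lbl.gov/agenda - see you there.
"""

if __name__ == "__main__":
    for name, raw in [("impersonation", SAMPLE_IMPERSONATION),
                      ("invoice", SAMPLE_INVOICE), ("internal", SAMPLE_INTERNAL)]:
        print(name, "->", triage(raw) or "no flags")
```

The output is a list of labels rather than a verdict on purpose: several weak indicators together (external domain plus urgency plus a purchase request) are what make a report worth escalating, and a single flag such as an off-domain link is common in legitimate mail. Treat the lists as a starting point to tune against your own reported-phishing archive.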