Computer Protection Program Berkeley Lab
Ernest Orlando Lawrence Berkeley National Laboratory
  POLICY GUIDELINES  
Social Engineering: Don't Get Caught  

_____________

What You Need To Know:

Social engineering is the broad term for any cyber attack that relies on fooling the user into taking action or divulging information. Since such attacks rely on you, the user, to be successful, you must be alert to them. Think twice every time: is this real, or a trick? If you suspect that you've been targeted, don't just ignore it; instead, send an email to cppm@lbl.gov as soon as possible. It's likely other people at LBNL were also targeted by the same attack - reporting it will help to protect the people who didn't recognize it.

Each of the following can be used in a social engineering exploit:

Phone call: "Hi! This is the Help Desk..."
Email: "This is an email from the Security Office, please run this important update..."
CD: "This disk contains helpful DOE information..."
Website: "Please enter your password..."

Examples of Targeted Social Engineering

  1. A phone call that purports to be from the Help Desk asking you for your password.
  2. An email that purports to be from computer security asking you to install a piece of software.
  3. A CD or USB Flash Device that arrives in the mail unexpectedly, claiming to be from LBL or DOE.

Examples of General Social Engineering

  1. Email that purports to be from your bank or credit card company asking you to update personal information.
  2. Email that claims to be from a shopping or auction site asking you to provide information about a purchase.
  3. Email with a malicious attachment that claims to have important information about a topic that interests you, for instance a recent crime in the area.

What can you do?

  1. Separate your work life from your personal life: Don't use your @lbl.gov email address for personal banking or shopping. Use different passwords for your work and personal accounts.
  2. Think twice every time: A little bit of awareness goes a long way. Stay alert to possible attempts to steal your information - be suspicious of things that don't feel right.
  3. Know the signs of a scam: While not foolproof, being aware of the signs of a scam may help you to spot one. See "How can I tell the real from the fake?" below.
  4. Report it fast: If you ever suspect you've been targeted, report it to cppm@lbl.gov fast. Don't just delete or ignore it. It's possible someone else was attacked in the same way, and reporting it might save them, or it might save the whole Lab.

How can I tell the real from the fake?

Resources: