Spam, spam, eggs and spam

Beware of spam and phishing attempts. Never give anyone your user name or password. Fermilab service providers will never ask you for this information.

Fermilab e-mail accounts are frequent targets for spam, especially phishing attempts that try to convince careless users to reveal information such as user names and passwords about themselves to attackers. Last week many laboratory users were on the receiving end of a phishing attack, so it is timely to remind users of a few precautions.

Many of us received e-mail last Thursday with the subject

“FNAL.GOV WEBMAIL TEAM SUPPORT UPDATE/MAINTENANCE OF USER ACCOUNT.”

The sender purported to be

“From: FNAL.GOV WEBMAIL TEAM office@fnal.gov.”

The message said your e-mail would be turned off unless you sent details of your account, including user name and password, to the reply address

“Reply-To: upgradewebhelpdesk2013@gmail.com.”

This message illustrates a couple of issues common to this type of phishing attacks:

  • You can never trust who your e-mail says it is from. Any mail user can put any address he or she wants in the From field. If you look carefully at the header of this e-mail example, you can see that it is coming from taruma.pmm.am.gov.br, not from any systems associated with Fermilab. See below about measures being taken to help avoid this.
  • No service providers at Fermilab will EVER ask you to tell them your password, nor would they EVER ask you to send any information to a Gmail mailing address. If any service providers at Fermilab need to contact you, they will do so through the Fermilab Service Desk, and any action on your part will involve opening or modifying a ServiceNow service ticket.

Many lab users reported this e-mail to computer security or opened service desk tickets. This is a great indicator that people are paying attention and taking these security risks seriously. We are not aware of anyone who revealed his or her password, but, as always, we will be watching for improper use of our e-mail system. We are also in the process of instituting measures that prevent forged e-mail messages like this from being delivered to lab recipients. In the meantime, learn more about Fermilab’s anti-spam procedures, including links to instructions for reporting spam, in this ServiceNow Knowledge base article.

Irwin Gaines