Phishing attacks can be costly for organizations. Please be careful what you click on. Recently, several of our fellow national laboratories were targeted in cyber attacks that required those facilities to make the decision to disconnect from the Internet. Fermilab was not involved in any of these attacks, but it is times such as these that remind us of the need to be diligent and the cost when we’re not. The attacks that took place earlier this month at several…
Lock up your information with a strong password. An important part of the lab’s computer security defenses for warding off password attacks involves choosing strong passwords. The Computer Security team continuously compiles a list of passwords from actual attacks. The following characteristics and patterns were found in the list of passwords used in a recent attack: Dictionary words, in any language, including proper names, fictional characters and movie titles. Personal details, such as phone and address information. Exploiting free search…
Take safeguards to avoid falling prey to phishing email scams. Last month the Oak Ridge National Laboratory, ORNL, experienced a major attack on its computing systems. A phishing email was sent and a few employees clicked on the attachment, which caused malware to be installed on their machines and spread to other systems at the laboratory. This attack caused ORNL’s Internet service and email to be down for roughly two to three days. Cleaning up the damage required ORNL staff…
Read your e-mail carefully to avoid falling prey to phishing attempts. You should second guess all e-mails from companies right now because of a trend in very targeted phishing attempts. The news media reported earlier this week that Epsilon, an e-mail marketing company, experienced a large data loss to hackers. Epsilon lost e-mail addresses it stores for companies. Those companies are reported to include TiVo, Chase, Walgreens, TIAA-CREF, Best Buy and many others. I received a message from 1800flowers.com apologizing…
Read your e-mail carefully to avoid falling prey to phishing attempts. You should second guess all e-mails from companies right now because of a trend in very targeted phishing attempts. The news media reported earlier this week that Epsilon, an e-mail marketing company, experienced a large data loss to hackers. Epsilon lost e-mail addresses it stores for companies. Those companies are reported to include TiVo, Chase, Walgreens, TIAA-CREF, Best Buy and many others. I received a message from 1800flowers.com apologizing…
Recent phishing incidents lead to new training requirements for some employees. Recently, in a single week, four employees gave their passwords out to other people. Two gave up their username and password to a phishing e-mail; two transmitted passwords in clear text due to misconfigured systems, including a smartphone that failed to encrypt the e-mail login. These mistakes cost time and money. It costs the laboratory an estimated $2,000 in man-hours each time a password gets revealed to phishers and…