You've fallen for a phish!

 

Phishing attacks are an ongoing threat to Fermilab and are becoming increasingly sophisticated. One single successful phishing attack can lead to compromise of the entire site, can put people's personal information at risk, and can cause major embarrassment for the laboratory.

 

 

Each individual at the lab is responsible for protecting their own Fermilab credentials. Please take a moment to review the following tips on recognizing phishing emails:  

• Be immediately suspicious if the message tries to scare you, offers an incredible deal or prompts you to reset a password or update account information.
  
  
• Check each link by hovering over it to see its true source. If the URL is unfamiliar or differs from what you expected to see, don’t click.
  
  
• Verify claims and offers via a trusted website or known phone number.
  
  
• Ask the Service Desk for advice if you’re unsure.    

 

Some additional tips include:  

• Do not trust any email that urgently requests your personal information, username, or password.
  
  
• Never click on links in emails until you confirm the sender is authentic.
  
  
• Check the From: field closely, but know that the "From:" field can be spoofed.
  
  
• Phishing websites may look real, by using company logos, and domain names that might be close misspellings or look-a-likes.
  
  
• Be suspicious of file attachments with a generic or impersonal message.
  
  
• Think about the information you are being asked to provide. Legitimate companies will not ask you to provide personal or sensitive information over email.
  
  
• Legitimate companies will never ask you to confirm your personal information or username/password in email.
  
  
• One of the most effective ways to stay safe is to hover your mouse over links in the message to see if you recognize them.
  

 

To learn more about Computer Security Awareness, visit our new website: securityawareness.fnal.gov