Sent on Behalf of the Computing and Networking Infrastructure Group
Over the past several weeks, a number of "phishing" attempts targeting DOE labs have been reported by CIAC, DOE's incident advisory group. Some successful attacks have been reported.
These hacking attempts have involved e-mails that contained apparently routine reports or requests for information. Following a clickable link or opening an attached file in these e-mails installed malicious code on the victim's machine. ORNL has reported loss of Personally Identifiable Information (PII), because a number of individuals opened links in what appeared to be legitimate communications.
Anti-virus programs cannot provide complete protection against such attacks, because they rely on recognition of known patterns in malicious code -- new or newly modified viruses or trojans will not be recognized.
Protection of individual systems relies on the skepticism (or paranoia) of the person at the keyboard: Don't follow links unless you know for certain that they lead to legitimate websites, and don't open attachments unless you know for certain that they contain legitimate documents.
Additional information on recently reported attacks is available from ABC News at the following URL: http://www.abcnews.go.com/TheLaw/Technology/story?id=3966047&page=1
If you receive a suspicious e-mail or if you have questions, contact the Computer Center Help Desk at x7155 or firstname.lastname@example.org
Submitted: Tuesday, December 11, 2007 - 12:00am