"E-mail Quota" Phishing Attempt

The Tuesday, April 27, e-mail with subject line "E-Mail quotas to be enforced" was an internal test to measure how the BNL community would respond to a simulated phishing attack. The results were mixed -- the bottom line is that many people identified the message as a phishing attempt, but approximately 1,100 people clicked on the link, and more than 800 of those also entered their login credentials.

Shortly after the e-mail was sent, recipients who suspected it was a phishing message reported it to the ITD Helpdesk (Ext. 5522), to security@bnl.gov, and some even stopped by the Cyber Security office. The communication within groups and between system administrators and end users was quick and effective in many areas, and we are grateful for all your efforts.

While the e-mail looked legitimate, it contained the basic indicators of a phishing attack, including:

  • the From: address was not from bnl.gov, but from bnl.gov.us
  • the link was to a non-BNL website with domain name of bnl.web-access-email.com

In addition, those who clicked on the link were sent to a page that looked nothing like a BNL web page and were prompted to enter their user ID and password, something ITD has stressed it would never ask for. All the warning indicators are explained on this page.
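The two indicators listed above can be checked mechanically. The following is an added example, not code from BNL or ITD: it treats only bnl.gov and its subdomains as trusted and flags any sender or link host that merely contains the name. The sample message is constructed (the local part and URL path are invented; only the subject and the two domains come from the article), and a single-part plain-text message is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "bnl.gov"  # the organisation's real domain, as named in the article

def in_trusted_zone(host, trusted=TRUSTED):
    """True only for the trusted domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def looks_like(host, trusted=TRUSTED):
    """Untrusted host that embeds the trusted name or its first label."""
    host = host.lower().rstrip(".")
    brand = trusted.split(".")[0]
    return not in_trusted_zone(host, trusted) and (
        trusted in host or brand in host.split("."))

def phishing_indicators(raw_message):
    """Return a list of (indicator, host) findings for one message."""
    msg = message_from_string(raw_message)
    findings = []
    # Indicator 1: the From: address is outside the trusted zone.
    sender = parseaddr(msg.get("From", ""))[1]
    sender_host = sender.rpartition("@")[2]
    if sender_host and not in_trusted_zone(sender_host):
        kind = "lookalike-sender" if looks_like(sender_host) else "external-sender"
        findings.append((kind, sender_host))
    # Indicator 2: a link in the body points outside the trusted zone.
    body = msg.get_payload()  # assumption: single-part, plain-text body
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlsplit(url).hostname or ""
        if host and not in_trusted_zone(host):
            kind = "lookalike-link" if looks_like(host) else "external-link"
            findings.append((kind, host))
    return findings

# Constructed sample: only the subject and the two domains come from the article.
SAMPLE = """\
From: IT Helpdesk <helpdesk@bnl.gov.us>
To: user@bnl.gov
Subject: E-Mail quotas to be enforced

Your mailbox is almost full. Confirm your account at
http://bnl.web-access-email.com/quota to keep receiving mail.
"""

if __name__ == "__main__":
    for kind, host in phishing_indicators(SAMPLE):
        print(kind, host)
```

The suffix comparison is what matters here: a substring or prefix match on "bnl.gov" would accept bnl.gov.us as internal.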

Phishing is a continuing problem for BNL. Our e-mail gateways currently block approximately 90 percent of all incoming messages because they are spam or phishing attempts. This test simulated what would happen if just one attempt got through for bulk distribution to the site. It is important to be aware of the indicators of phishing e-mails, as just one compromised machine inside BNL can be used to attack other internal systems.

If this had been a real attack and 20 percent of our staff provided their credentials to real hackers, the impact could have been quite dramatic. Last week, an individual was tricked by a phishing attack similar to this one. Within 24 hours the stolen credentials were used to gain access to the victim's e-mail account and more than 50,000 spam messages were sent out as if coming from BNL. This resulted in numerous external organizations refusing to accept e-mail from BNL, causing disruptions to communications. It can take many days before the full flow of e-mail is restored.

ITD is in the process of developing targeted training to better educate our staff on how to identify phishing attempts.



Last Modified: May 26, 2010
Please forward all questions about this site to: Kathy Folkers

