From Fermilab Today, October 14, 2009
Some Fermilab employees have reported receiving multiple unexpected e-mail messages from dubious addresses this month.
These messages are phishing, an attempt to gather information through electronic communication that can be used to steal your identity, your money, or both.
Any e-mail request for your password or any kind of personal information such as your bank account number or credit card number is not a legitimate request; ignore it.
But not all phishing messages ask directly for passwords or credit card numbers. The goal of some of these messages is to elicit a response to confirm whether the e-mail address is valid and can be sold or used later.
The best way to check the validity of a message is to make a phone call. Messages from laboratory staff either include a telephone number or you can look up their phone number to verify the e-mail's authenticity. If a message purports to come from a government agency, give that agency a call.
If you accidentally respond to a phishing email with any information that should not be public, contact the Service Desk at x2345 or contact computer security.