How to identify malicious e-mails

...and also beware of malicious attachments

• Don't open attachments that you don't expect. If in doubt, double-check with the sender.
• Never enable macros in documents you receive!
• Don't follow links in attached documents. Or if you do, make sure that they point to a legitimate webpage.

What a malicious e-mail can do to you

If a malicious attacker would have sent that e-mail, and you would have clicked on any embedded link or opened the attachment, your computer would most likely be infected by now, and:

• All your passwords would have been stolen: CERN, Facebook, PayPal, Amazon,...
• All your activities would have been clandestinely monitored: mouse movements & clicks, words typed, screenshots, microphone and webcam recordings,...
• Confidential documents would have been exfiltrated
• An attack path into CERN would have been opened (a so-called back-door)

In consequence, you would have had to reinstall your computer from scratch and to change all your passwords... And if you want to test yourself, the UK has set up this nice quiz.

For comments or questions, please contact us at Computer.Security@cern.ch.

For All Users
(Experts or Not)

• Seven easy good practises
• Passwords & toothbrushes
• Starting with multi-factor authentication
• Bad mails for you:
  "Phishing", "SPAM" & fraud
• How to identify malicious e-mails and attachments
• How to secure your PC or Mac
• Working remotely
• Connecting to CERN
• Connecting using SSH
• Encrypting Windows PCs/laptops (Bitlocker), Macs (FileVault) and Linux (LUKS)
• More on Windows folders, Mozilla security

For Software Developers

• Good programming in C/C++, Java, Perl, PHP, and Python
• How to keep secrets secret
  (alternatives to passwords)
• Security checklist
• GitLab CI Security Tools
• Securing Web applications
• Static code analysis tools
• Further reading

For System Owners

• Checking for rootkits
• Securing Control Systems (CNIC)
• Securing Containers & Pods
• Security baselines
• The CERN Linux vulnerability FAQ