Bad Mails for You: "Phishing", SPAM and Fraud

Unsolicited email, commonly known as SPAM, is a growing problem across the Internet at large. Besides the annoying advertising of products, SPAM mails are trying to validate your email address or try to trick you in disclosing your password (so-called "Phishing"-emails for "password fishing"). In addition, some computer viruses often hide in emails or in their attachements, and place your computer at risk.

CERN's email gateways classify around 98% of the incoming emails as SPAM. Still, such emails can reach you because distinguishing SPAM from intended email is not easy.

If an email looks suspicious, do not even open it - just delete (from Outlook you can delete email using the right button of your mouse to select the message and then selecting delete). If you continue to receive unsolicited e-mail from the same sender then you can report this to spam-report@cern.ch.

"Phishing"

"Phishing" is an attempt to trick someone to reveal his password. Criminals use various phishing techniques to fool computer users. One of the technique is to send a fake e-mail, that looks like coming from a legitimate source (a bank, the employeer, the mail service, the helpdesk etc.) asking for a user name and a password. Another technique involves a similar e-mail that contains a link to a criminal-operated Web page that looks like a legitimate Web page of a bank, on-line service etc. - criminals hope that the victim will type his password on that Web site without realising that it is not the real, legitimate one. This is how attackers usually steal user passwords.

Ever wondered how good you are at telling the difference between a legitimate website and one that's a phishing attempt? Take the quiz below to find out or try yourself whether you can outsmart Internet scammers (© OpenDNS).

© OnGuard Online

Examples

SPAM and virus emails can be disguised to trick you into reading the email and/or performing an action. Here are examples of some techniques to help you recognise them:

• Fake email addresses: emails can appear to be from people you know or even from yourself. In fact, email addresses can be faked quite easily. Your own email address can appear in emails which you did not send, resulting in non-delivery messages or unexpected replies. If the email looks suspicious then delete it and do not open the attachments. If you are unsure then check with the sender first;
• Enticing subjects: the email subject uses words to make you curious, believe the email is important, or specific to you, so that you will read it. It may even appear to be from someone you know. Delete it and do not open the attachments;
• Asking for your password: emails can appear to come from the CERN Computer Support, the mail services or other bodies, and might ask to provide your password. These emails are named "Phishing" emails trying to "fish your password" (hence the word). Do not reply. No legitimate person will ever ask your for your password. Never;
• Click on an embedded link: if you click on a link which is embedded in your email, this can initiate a download of a virus, or lead you to a fake login page which tries to "fish your password". In addition, this can also be a technique to validate your email address and increase your chances of receiving more unwanted emails. If in doubt, do not click;
• Unexpected attachments: such attachements might contain a virus or some other malicious code. If in doubt either delete the e-mail directly or obtain further details from the sender before opening the attachment. The safest way to read an attachment is to first copy it to disk and then open it using the appropriate program (Word, Excel, ...);
• Asking you to forward email to people you know: this false information or the mail can contain a virus. If the email warns of a virus then it is almost certainly a hoax. Do not forward such an email;
• Join a petition or support a cause: the petition or cause rarely exists. It is more likely that your email address will be collected and used for further SPAM mails (as sender or receiver). References to recent topical events are common techniques to make the false information look more realistic. Do not forward or reply such an email;
• Money scams: one of many examples of false information are "money scams" offering you "a hell lot of money" provided you send them a few dollars for the transaction. Don't believe them, just delete such emails;
• "Response to your request": an email may pretend that you made a request so that you will take it more seriously. Do not be tricked by false information. Just delete the email;
• "Remove from a list": asking you take action to remove yourself from a mailing list which you did not join can be used to validate your address for (ab)use in the same way as petitions and causes. Do not click or reply in order to get yourselve removed. Just ignore.

For All Users
(Experts or Not)

• Seven easy good practises
• Passwords & toothbrushes
• Starting with multi-factor authentication
• Bad mails for you:
  "Phishing", "SPAM" & fraud
• How to identify malicious e-mails and attachments
• How to secure your PC or Mac
• Working remotely
• Connecting to CERN
• Connecting using SSH
• Encrypting Windows PCs/laptops (Bitlocker), Macs (FileVault) and Linux (LUKS)
• More on Windows folders, Mozilla security

For Software Developers

• Good programming in C/C++, Java, Perl, PHP, and Python
• How to keep secrets secret
  (alternatives to passwords)
• Security checklist
• GitLab CI Security Tools
• Securing Web applications
• Static code analysis tools
• Further reading

For System Owners

• Checking for rootkits
• Securing Control Systems (CNIC)
• Securing Containers & Pods
• Security baselines
• The CERN Linux vulnerability FAQ