Actually, I don’t. And usually, wouldn’t only a few people address you like that? And what if this article had been an e-mail? With “I love you” as the subject line…? Sent by us, you would have simply ignored it, no? On the other hand, we got your attention – piqued your curiosity – and this is what malicious evil-doers are aiming to do too: get your attention via malicious e-mails. If you open up these e-mails, reply, click on links or open attachments – they have succeeded!
E-mails are one of the two primary vectors for screwing up your digital life (see our Bulletin article entitled “Protect your family”). Like browsing onto the wrong – malicious – webpage, one all-too-quick click on an embedded link, one attachment too many opened, one password sent in reply to an e-mail from a malicious attacker, and your digital life is in jeopardy. Your PC could be compromised; your data could be getting encrypted; your webcam could start to watch you; your microphone could start to spy on you. The attacker is recording every key you strike, every move you make, every word you speak; reading all the documents you host; and following all your posts on Facebook, Instagram, Twitter, etc. Privacy gone. Your digital life exposed. Game over.
Unfortunately, spotting malicious or fraudulent e-mails is getting more and more difficult. While CERN has deployed sophisticated measures in an effort to block malicious e-mails before they even arrive in your inbox, not all of them are filtered out: there might still be some that you can read. And worse, click on or reply to… So, beware: don’t let curiosity overwhelm you. Here are a few hints as to how you can easily spot malicious e-mails. Use common sense. Is this e-mail really addressed to you? Do the contents (or does the context) make sense? Does it relate to you, your life, your job, your interests? Is it in one of the languages in which you normally communicate? An e-mail stating “I love you” but not coming from your loved ones should be treated with care. Message texts written in German, if you don’t speak that language, should be ignored. An attachment from “Dänische Telekom” is almost certainly fraudulent if you do not have a subscription with them. And nude photos from your favourite rock star or actor just don’t exist – so no need to open them!
Similarly, e-mails that threaten or try to blackmail you should not be responded to. In the past, there were malicious e-mail campaigns that included passwords, maybe even a password you recognise, claiming that this is proof enough that the attackers have compromised your computer. But these are just scams. While it is true that your password may have been exposed somewhere (see our Bulletin article entitled “An old scam in a new disguise”), your computer has not been tampered with by those attackers. Even if those e-mails seem to be sent from your own e-mail address, they are still a scam. The e-mail protocol, unfortunately, has its weaknesses, and sender addresses can easily be spoofed. So please don’t think that a valid sender means it’s a valid e-mail! And check the fine print: when using small fonts, “cern.ch”, “cerm.ch”, “cem.ch” or “cen.ch” all look quite alike…
Finally, beware of embedded links. The magic of web links is that what is displayed and where it takes you might be different. Hover your mouse over the link before clicking. A small pop-up box should display and show you the link’s true destination. If this looks different to what is displayed, looks like gibberish, or just doesn’t make sense, don’t click! Better to hold on and let us help you! We can easily check whether this is a fraudulent or legitimate e-mail. If in doubt, send the e-mail to us at Computer.Security@cern.ch. Or check out our recommendations on how to identify malicious e-mails. Or test yourself with this excellent quiz made by Google.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.