News News Topic: Computing

Voir en

français

Computer Security: PhishMS

|

By Computer Security team

Clicking on the wrong malicious link or attachment, or disclosing your password in reply to a malicious email or on a fake and nasty CERN single sign-on page, are two major attack vectors for the evil side to infiltrate CERN. That’s why the Computer Security team is testing you again and again with its clicking campaigns (see here, here and here). While those were focusing on malicious messages received by email, we should not ignore other vectors, like SMSs.

SMSs, iMessages and (with greater difficulty) chat messages via apps like WhatsApp, Signal or Threema can also be used to distribute unsolicited messages containing malicious content that try to lure you into clicking on an embedded link that misdirects you to a fake login page or downloading infected software directly to your device:

home.cern,Computers and Control Rooms
 

Clicking on that t.ly link could lead you anywhere, and it’s hard to figure out whether the destination is harmless or dangerous to your device and password – just like with today’s very popular QR codes (“'Check me' comes before 'Scan me'”). SMSs are a particularly interesting attack vector, as the relevant phone numbers can be enumerated, so attackers target a telephone range, like that of CERN’s +41 75 411 nnnn. Protective counter measures are rarely effective, in particular if the emitting sender’s phone number varies or is spoofed. So, while in messenger apps the attacker or idiot distributing malicious links must be part of your peers, group or friends, SMSs can arrive totally unsolicited.

In either case, beware! As we have tried to instil in you with our clicking campaigns, be vigilant and suspicious when receiving unsolicited messages via SMS, iMessage, WhatsApp and the like. Check the package: Does the message come from someone you know? Do its contents relate to who you are, what you do, what you expect? Or does it come as a surprise? If it’s the latter, tame your curiosity. Refrain from clicking. Save your device and account from evil, and yourself from wasting time. Don’t give PhishMSs a chance.

______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Computer Security

Related Articles

Computer Security: Swipes vs PINs vs password...

Computing
News

Computer Security: Day of the open firewall

Computing
News

Computer Security: Bingo walk-through

Computing
News
View all news

Also On Computing

IT: interactions, innovations, impact

Computing
Opinion
Enrica Porcari

CERN donates computing equipment to South Afr...

Computing
News

The next-generation triggers for CERN detecto...

Computing
News

Computer Security: Swipes vs PINs vs password...

Computing
News

World Wide Web at 35

Computing
News

Computer Security: Day of the open firewall

Computing
News

CERN rewarded for its contributions to cloud ...

Computing
News

Farewell to the Alcatel phone exchange

Computing
News

Computer Security: Bingo walk-through

Computing
News
View all news