A “standard” attack scenario against computing accounts is known as “phishing”, i.e. luring you into inadvertently disclosing your password to the maliciously evil attacker (see our latest Bulletin article “Email Senders: Pretence vs Reality”). Once successful, that malicious evil will either sell your credentials on the Dark Web to other evil people (and we checked for this in 2020, see “Digital stolen goods of CERN?”) or try to log in directly using your credentials together with your password. Boom, once the attacker is in, your professional and private life is in peril (“What do apartments and computers have in common?”).
As the very last line of defence, therefore, CERN employs automatic monitoring tools that will send a short notification for every login from a “new” location to the email address you have registered with CERN. As an attacker is unlikely to log in from your standard devices and locations like home, work, your university or your friend’s house, you should be able to spot the difference, identify this “new” location as a place where you have not been, and alert Computer.Security@cern.ch. The notification looks like this:
If you receive such a notification, please check. The embedded link leads to a webpage providing you with all the necessary help. If the location is unknown to you, or you did not log into CERN at that time, you had better be safe than sorry and change your CERN password as well as letting us know through the webpage.
Note that notifications will only be sent for each new domain, or geographical location, but not for every new IP in that domain. Once checked, the new domain or location will be whitelisted, so you are not notified again when using it again. Only if this domain/location remains idle for about three months, will we purge it from the whitelist. In case you would like to be notified earlier, you can review and remove your locations on this dedicated webpage.
Thanks a lot for being vigilant and alert, and helping us secure the Organization!
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.