How to identify malicious e-mails

...and also beware of malicious attachments

  • Don't open attachments that you don't expect. If in doubt, double-check with the sender.
  • Never enable macros in documents you receive!
  • Don't follow links in attached documents. Or if you do, make sure that they point to a legitimate webpage.

What a malicious e-mail can do to you

If a malicious attacker would have sent that e-mail, and you would have clicked on any embedded link or opened the attachment, your computer would most likely be infected by now, and:

  • All your passwords would have been stolen: CERN, Facebook, PayPal, Amazon,...
  • All your activities would have been clandestinely monitored: mouse movements & clicks, words typed, screenshots, microphone and webcam recordings,...
  • Confidential documents would have been exfiltrated
  • An attack path into CERN would have been opened (a so-called back-door)

In consequence, you would have had to reinstall your computer from scratch and to change all your passwords... And if you want to test yourself, the UK has set up this nice quiz.

For comments or questions, please contact us at Computer.Security@cern.ch.