====== Spam, Phishing and Malware ======
Motto:
* **Bad news** = You cannot be prepared for all of an attacker’s inventions.
* **Good news** = Being slightly more clever than the attacker expects you to be is enough.
- Quick, automatic reactions cause trouble.
- Do not accept what a message suggests until you are perfectly sure you understand its intentions.
- Do not believe the sender's identity until you have really verified it (check the sender’s email address closely).
* Better safe than sorry.
* Be brave! Never try to conceal your possible mistake - take it in a positive way - we all learn from mistakes. We all :-)
* Cowards who awkwardly try to avoid revealing a mistake usually make things much worse for themselves and for the rest of the institution.
Bonuses:
[[https://tiptopsecurity.com/the-truth-about-clicking-links-in-email-and-what-to-do-instead/|Good article about clicking links in emails]] (phishing etc.)
[[https://support.mozilla.org/en-US/kb/remote-content-in-messages|How and why Thunderbird blocks remote content]]
----
See also "**[[:public:emai:malware|Dealing with malware, spam, suspicious content]]**" in a separate CERGE-EI Wiki article (details about the security measures applied to incoming emails)
and **[[:public:emai:spam_chain|"Spam filters at CERGE-EI"]]** (describing the chain of email filters for incoming traffic)
----
==== Types of attacks, their danger and the adequate reaction: ====
=== spam ===
[Classification: POTENTIALLY DANGEROUS]
* Unsolicited mail that just offers unneeded or annoying things.
* Through links to __fraudulent webpages__ or __dangerous attachments__ it can turn into one of the other types.
* Do not open links and attachments, do not reply to it, delete it.
=== hoax ===
[Classification: ANNOYING]
* Per wiki: A hoax is a falsehood deliberately fabricated to masquerade as the truth.
* You could be misused to help distribute it. Other harmful content could be appended.
* Do not forward it to any other address, delete it.
=== phishing ===
[Classification: PRETTY DANGEROUS]
* Asks for confidential and private information, often by using a fraudulent webpage and disguising the request as an account renewal etc. Creates __time pressure__ and an __illusion of urgency__.
* Never use offered links without __thoroughly verifying their authenticity__.
* Be very careful and restrained about entering your login and password anywhere.
=== spoofing ===
[Classification: DANGEROUS]
* The message looks as if it was sent from a trustworthy address: your colleague, manager, IT staff, your home institution's server etc.
* Verify the sender’s actual email address, not only the free-text label shown by some email clients.
* Watch out for “mistyped” forms of the address, e.g. cerce-ei,cz, or extended forms such as cerge-ei.cz.xxxxx etc.
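The two checks above (real address versus display label, and mistyped or extended domains) can be automated. The following is an added example, not part of the original wiki page or of CERGE-EI's own filters; the function names, the edit-distance threshold of 2, the treatment of subdomains as trusted and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

TRUSTED = "cerge-ei.cz"  # the institution's domain as named on this page


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted: str = TRUSTED) -> str:
    """Classify a From: header by its real address, not its display label."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted-domain"  # assumption: subdomains count as trusted
    if domain.startswith(trusted + ".") or f".{trusted}." in domain:
        verdict = "trusted-name-embedded"  # extended form, e.g. cerge-ei.cz.xxxxx
    elif edit_distance(domain, trusted) <= 2:
        verdict = "lookalike"  # mistyped form, e.g. cerce-ei.cz
    else:
        verdict = "external"
    # The free-text label claims the trusted domain, but the address does not.
    if trusted in display.lower():
        verdict += "+display-name-mismatch"
    return verdict


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "CERGE-EI Helpdesk <helpdesk@cerge-ei.cz>",
    "CERGE-EI Helpdesk <helpdesk@cerce-ei.cz>",
    "IT <admin@cerge-ei.cz.xxxxx>",
    '"helpdesk@cerge-ei.cz" <billing@mail.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):40} {header}")
```

A verdict other than "trusted-domain" is a reason to check with the sender or IT before acting on the message; a "trusted-domain" verdict alone does not prove the sender is genuine.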
=== malware ===
[Classification: DANGEROUS]
* Harmful code hidden in an executable attachment, in a document as a macro, or on a fraudulent webpage linked from the message.
* Never open documents or pages just because they look like something very, very interesting. There is no such thing as a harmless quick look.
=== ransomware ===
[Classification: THE MOST DANGEROUS]
* Special malware __encrypting all data__ you can access and demanding a ransom. The encryption process can run for a long time, so backups could be affected too.
* Avoid being infected by malware.
==== What to do, if you are uncertain about email (possible cyber attack) ====
- Think first, check all the circumstances, ask when in doubt (IT, colleagues, sender,…).
- Do not give in to time pressure, think twice. Postpone the action (and possibly go back to step 1 :-)
- Only if you are absolutely sure, continue with the action suggested in the email (settings review, password change etc.)
- In case of any suspicion at any time, share it with IT (including all details).
- If you think you have compromised your password or account in any way, change the password ASAP and inform IT (compulsory).
If in any doubt, do not hesitate to ask **helpdesk@cerge-ei.cz**. Please prepare complete documentation, a timeline, addresses and the raw text of the message (see [[:public:emai:em_problem_report|wiki - problem reporting]])