Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
public:emai:spam [2021-06-04 12:21] – [Spam, Phishing and Malware] marp | public:emai:spam [2021-11-19 08:12] – vesely | ||
---|---|---|---|
Line 2: | Line 2: | ||
Motto: | Motto: | ||
- | * Bad news = You can not be prepared to all attacker’s inventions | ||
- | * Good news = Being slightly more clever, than the attacker expects you are, is enough. | ||
- | - Quick and automate reaction makes troubles. | + | |
- | | + | * **<font inherit/ |
- | - Do not belive the sender' | + | |
- | | + | |
- | [[https:// | + | - Quick and automate reaction makes troubles. |
+ | - Do not accept what message suggests, until you are perfectly sure you understand the intentions. | ||
+ | - Do not belive the sender' | ||
+ | |||
+ | * Better safe, than sorry. | ||
+ | * Be brave! Never try to conceal your possible mistake - take it in possitive way - we all learn from mistakes. We all :-) | ||
+ | * Cowards who awkwardly try to avoid of mistake revealing usualy make things much worse for them and for the rest of the institution. | ||
+ | |||
+ | Bonuses: | ||
+ | |||
+ | [[https:// | ||
[[https:// | [[https:// | ||
- | [[public: | + | ---- |
+ | <faicon fa fa-hand-o-right> | ||
- | ==== Types of attacks, its danger | + | and **[[:public: |
+ | ---- | ||
+ | |||
+ | ==== Types of attacks, its danger and adequate reaction: ==== | ||
=== spam === | === spam === | ||
- | * Unsolicited mail, just offers unneeded or annoying things. | + | < |
- | * By links to __fraudulent webpages__ or __danger attachments__ could be transformed to other type. | + | |
- | * Do not open links and attachments, | + | |
- | === hoax === | + | [Classification: POTENTIALY DANGEROUS] |
- | * By wiki: A hoax is a falsehood deliberately fabricated to masquerade as the truth. | + | |
- | * You could be abused to help distribute it. Other harmful content could be appended. | + | |
- | * Do not resend it to any other address, delete it. | + | |
- | === phishing === | + | </ |
- | | + | |
- | | + | * Unsolicited mail, just offers unneeded or annoying things. |
- | | + | * By links to __fraudulent webpages__ |
+ | * Do not open links and attachments, | ||
+ | |||
+ | === hoax === | ||
+ | |||
+ | < | ||
+ | [Classification: | ||
+ | |||
+ | </ | ||
+ | |||
+ | * By wiki: A hoax is a falsehood deliberately fabricated to masquerade as the truth. | ||
+ | * You could be abused to help distribute it. Other harmful content could be appended. | ||
+ | * Do not resend it to any other address, delete it. | ||
+ | |||
+ | === phishing === | ||
+ | |||
+ | < | ||
+ | [Classification: | ||
+ | |||
+ | </ | ||
+ | |||
+ | | ||
+ | * Never use offered links without its __authenticity thorough verification__. | ||
+ | * Be very careful and abstemious by inserting your login and password anywhere. | ||
=== spoofing === | === spoofing === | ||
- | * The message looks like sent from a trustworthy address, your jobmate, manager, IT crowd, your home institution server etc. | + | |
- | | + | < |
- | | + | [Classification: |
+ | |||
+ | </ | ||
+ | |||
+ | | ||
+ | * Verify sender’s email address, not only the free text label presented by some e-mail client. | ||
+ | * Take care of “mistyped” form of address, e.g cerce-ei,cz or enlarged form cerge-ei.cz.xxxxx etc. | ||
=== malware === | === malware === | ||
- | * The harmful code hidden in an executable attachment or in a document as a macro or on the fraudulent webpage linked from the message. | + | |
- | | + | < |
+ | [Classification: | ||
+ | |||
+ | </ | ||
+ | |||
+ | | ||
+ | * Never open documents or pages looking like something very very interesting. There is no chance to take a non-binding look. | ||
=== ransomware === | === ransomware === | ||
- | * Special malware __encrypting every data__ you can access and asking ransom. The process of encrypting could be long term so backups could be affected too. | ||
- | * Avoid being infected by malware. | ||
- | ==== What to do, if you become a target of the cyber attack ==== | + | < |
+ | [Classification: | ||
+ | |||
+ | </ | ||
+ | |||
+ | * Special malware __encrypting every data__ | ||
+ | * Avoid being infected by malware. | ||
+ | |||
+ | ==== What to do, if you are uncertain about email (possible | ||
+ | |||
+ | - Thing first, check all circumstances, | ||
+ | - Do not allow the time presure effect, think twice. postpone the action (back to step 1 eventually :-) | ||
+ | - Only if you are absolutely sure, continue with an action suggested in email (settings review, password change etc.) | ||
+ | - In case of any suspicion at any time, share it with IT (including all details). | ||
+ | - If you think you have compromised your password or account in any way, change the password ASAP and inform IT (compulsory). | ||
- | - Thing first, check all circumstances, ask in doubt. | + | In any doubt, do not hesitate to ask **helpdesk@cerge-ei.cz**. Please prepare complete documentation, timeline, addresses, raw text of message (see [[: |
- | - Do not accept time presure, postpone action, back to 1, how many times you need. | + | |
- | - Only if you are sure, make some settings, password change etc. | + | |
- | - In case of any suspicion, tell it including all details to IT. | + | |
- | - If you have by mistake compromised your password, change it ASAP and inform IT (compulsory). | + | |
- | In any doubt, do not hesitate to ask **helpdesk@cerge-ei.cz**. Please prepare complete documentation, | ||