Differences

This shows you the differences between two versions of the page.

--- public:emai:spam [2021-06-04 12:24] – [Spam, Phishing and Malware] marp
+++ public:emai:spam [2021-11-19 08:12] – vesely
@@ Line 2: / Line 2: @@
 Motto:
-   * Bad news = You can not be prepared to all attacker’s inventions
-   * Good news = Being slightly more clever, than the attacker expects you are, is enough.
-   - Quick and automate reaction makes troubles.
+  * **<font inherit/inherit;;#e74c3c;;inherit>Bad news</font>**  = You cannot be prepared to all attacker’s inventions
-   - Do not accept what message suggests, until  you are perfectly sure you understand the intentions.
+  * **<font inherit/inherit;;#2ecc71;;inherit>Good news</font>**  = Being slightly more clever, than the attacker expects you are, is enough.
-   - Do not belive the sender's identity until you really verify it (check sender’s email address closely).
-   * Better safe, than sorry.
-[[https://tiptopsecurity.com/the-truth-about-clicking-links-in-email-and-what-to-do-instead/|Good article about clicking links in emails]]
+  - Quick and automate reaction makes troubles.
+  - Do not accept what message suggests, until you are perfectly sure you understand the intentions.
+  - Do not belive the sender's identity until you really verify it (check sender’s email address closely).
+  * Better safe, than sorry.
+  * Be brave! Never try to conceal your possible mistake - take it in possitive way - we all learn from mistakes. We all :-)
+  * Cowards who awkwardly try to avoid of mistake revealing usualy make things much worse for them and for the rest of the institution.
+Bonuses:
+[[https://tiptopsecurity.com/the-truth-about-clicking-links-in-email-and-what-to-do-instead/|Good article about clicking links in emails]] (phishing etc.)
 [[https://support.mozilla.org/en-US/kb/remote-content-in-messages|How and why Thunderbird block remote content]]
-==== See detailed information here ====
+----
-[[public:emai:malware|Dealing with malware, spam, suspicious content]]
+<faicon fa fa-hand-o-right> See also "**[[:public:emai:malware|Dealing with malware, spam, suspicious content]]**" in separated CERGE-EI Wiki article (details about security measures applied to incoming emails)
+<faicon fa fa-hand-o-right> and **[[:public:emai:spam_chain|"Spam fiters at CERGE-EI"]]**  (describing chain of email filters for incoming traffic)
+----
 ==== Types of attacks, its danger and adequate reaction: ====
 === spam ===
-   * Unsolicited mail, just offers unneeded or annoying things.
+<code>
-   * By links to __fraudulent webpages__ or __danger attachments__ could be transformed to other type.
-   * Do not open links and attachments, do not reply to it, delete it.
-=== hoax ===
+[Classification: POTENTIALY DANGEROUS]
-   * By wiki: A hoax is a falsehood deliberately fabricated to masquerade as the truth.
-   * You could be abused to help distribute it. Other harmful content could be appended.
-   * Do not resend it to any other address, delete it.
-=== phishing ===
+</code>
-   * Ask for confidential and private information, often by using fraudulent webpage, masking the request as an account renew etc. Make __time pressure__ and __urgency illusion__.
-   * Never use offered links without its __authenticity thorough verification__.
+  * Unsolicited mail, just offers unneeded or annoying things.
-   * Be very careful and abstemious by inserting your login and password anywhere.
+  * By links to __fraudulent webpages__  or __danger attachments__  could be transformed to other type.
+  * Do not open links and attachments, do not reply to it, delete it.
+=== hoax ===
+<code>
+[Classification: ANNOYING]
+</code>
+  * By wiki: A hoax is a falsehood deliberately fabricated to masquerade as the truth.
+  * You could be abused to help distribute it. Other harmful content could be appended.
+  * Do not resend it to any other address, delete it.
+=== phishing ===
+<code>
+[Classification: PRETTY DANGEROUS]
+</code>
+  * Ask for confidential and private information, often by using fraudulent webpage, masking the request as an account renew etc. Make __time pressure__  and __urgency illusion__.
+  * Never use offered links without its __authenticity thorough verification__.
+  * Be very careful and abstemious by inserting your login and password anywhere.
 === spoofing ===
-   * The message looks like sent from a trustworthy address, your jobmate, manager, IT crowd, your home institution server etc.
-   * Verify sender’s email address, not only the free text label presented by some e-mail client.
+<code>
-   * Take care of “mistyped” form of address, e.g cerce-ei,cz or enlarged form cerge-ei.cz.xxxxx etc.
+[Classification: DANGEROUS]
+</code>
+  * The message looks like sent from a trustworthy address, your jobmate, manager, IT crowd, your home institution server etc.
+  * Verify sender’s email address, not only the free text label presented by some e-mail client.
+  * Take care of “mistyped” form of address, e.g cerce-ei,cz or enlarged form cerge-ei.cz.xxxxx etc.
 === malware ===
-   * The harmful code hidden in an executable attachment or in a document as a macro or on the fraudulent webpage linked from the message.
-   * Never open documents or pages looking like something very very interesting. There is no chance to take a non-binding look.
+<code>
+[Classification: DANGEROUS]
+</code>
+  * The harmful code hidden in an executable attachment or in a document as a macro or on the fraudulent webpage linked from the message.
+  * Never open documents or pages looking like something very very interesting. There is no chance to take a non-binding look.
 === ransomware ===
-   * Special malware __encrypting every data__ you can access and asking ransom. The process of encrypting could be long term so backups could be affected too.
-   * Avoid being infected by malware.
-==== What to do, if you become a target of the cyber attack ====
+<code>
+[Classification: THE MOST DANGEROUS]
+</code>
+  * Special malware __encrypting every data__  you can access and asking ransom. The process of encrypting could be long term so backups could be affected too.
+  * Avoid being infected by malware.
+==== What to do, if you are uncertain about email (possible cyber attack) ====
+  - Thing first, check all circumstances, ask in doubt (IT, colleagues, sender,…).
+  - Do not allow the time presure effect, think twice. postpone the action (back to step 1 eventually :-)
+  - Only if you are absolutely sure, continue with an action suggested in email (settings review, password change etc.)
+  - In case of any suspicion at any time, share it with IT (including all details).
+  - If you think you have compromised your password or account in any way, change the password ASAP and inform IT (compulsory).
-   - Thing first, check all circumstances, ask in doubt.
+In any doubt, do not hesitate to ask **helpdesk@cerge-ei.cz**. Please prepare complete documentation, timeline, addresses, raw text of message (see [[:public:emai:em_problem_report|wiki - problem reporting]])
-   - Do not accept time presure, postpone action, back to 1, how many times you need.
-   - Only if you are sure, make some settings, password change etc.
-   - In case of any suspicion, tell it including all details to IT.
-   - If you have by mistake compromised your password, change it ASAP and inform IT (compulsory).
-In any doubt, do not hesitate to ask **helpdesk@cerge-ei.cz**. Please prepare complete documentation, timeline, addresses, raw text of message (see [[public:emai:em_problem_report|wiki - problem reporting]])