Clicking on the wrong malicious link or attachment, or disclosing your password in reply to a malicious email or on a fake and nasty CERN single sign-on page, are two major attack vectors for the evil side to infiltrate CERN. That’s why the Computer Security team is testing you again and again with its clicking campaigns (see here, here and here). While those were focusing on malicious messages received by email, we should not ignore other vectors, like SMSs.
SMSs, iMessages and (with greater difficulty) chat messages via apps like WhatsApp, Signal or Threema can also be used to distribute unsolicited messages containing malicious content that try to lure you into clicking on an embedded link that misdirects you to a fake login page or downloading infected software directly to your device:
Clicking on that t.ly link could lead you anywhere, and it’s hard to figure out whether the destination is harmless or dangerous to your device and password – just like with today’s very popular QR codes (“'Check me' comes before 'Scan me'”). SMSs are a particularly interesting attack vector, as the relevant phone numbers can be enumerated, so attackers target a telephone range, like that of CERN’s +41 75 411 nnnn. Protective counter measures are rarely effective, in particular if the emitting sender’s phone number varies or is spoofed. So, while in messenger apps the attacker or idiot distributing malicious links must be part of your peers, group or friends, SMSs can arrive totally unsolicited.
In either case, beware! As we have tried to instil in you with our clicking campaigns, be vigilant and suspicious when receiving unsolicited messages via SMS, iMessage, WhatsApp and the like. Check the package: Does the message come from someone you know? Do its contents relate to who you are, what you do, what you expect? Or does it come as a surprise? If it’s the latter, tame your curiosity. Refrain from clicking. Save your device and account from evil, and yourself from wasting time. Don’t give PhishMSs a chance.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.