Email: dangers and inconveniences

Emails can have attachments that are infected by a virus or they can have links (URL’s) pointing to infected content. However, there are no virus that will automatically run and infect your PC if you just open a message, you will be infected only if you open the attachment or follow the link. The author of a virus will therefore try to have you do just that:

• he/she will scare you (e.g. you owe a large amount of money, you have commited a crime and the police is investigating about you, etc.) without being too specific, you will find the details in the attached file or by following the link
• he/she will arouse your curiosity (something about a celebrity, your boss, your secretary, a recent event that is prominent in the press, etc.) and again everything remains mysterious, you will kown all of it if you open the attached file or follow the link
• he/she will spoof the sender’s address (this is fairly easy to do) to let you think that the message comes from a colleague, an EPFL office, a bank. etc. to add to the plausibility of the story

To protect yourself against viruses coming with emails:

• before opening an attachment or following a link take the time to think about its context: is its content pretty “open” (it could make sense for a  lot of people) or are there elements that indeed concern only you or that are known only to you and the sender ? In the former case, the probability of a virus is higher, while it is lower in the latter case
• if you have any doubt ask you computer support team or the VPSI computer security team (email [email protected])
• don’t trust the sender’s name or email address, it is easy to spoof
• Beware : as far as computer security is concerned, emails require constant vigilance.
• Reminder: anti-virus installation on Windows

A phishing is an email that a hacker will send you, trying to make you reveal, by reply or on a Web form under his/her control, some confidential information:

• your EPFL username and you Gaspar password
• other authentication data (your password for Gmail, Apple/iTunes, Facebook, Yahoo, etc.)
• your credit card data

Just like for viruses (see above), the hacker will try to have you react quickly and without thinking by scaring you (if you don’t give away the requested information, you will e.g. lose access to your email, your mailbox will be erased, a large  amount of money will be debited from your account, etc.)

To protect yourself from phishing:

• never reveal confidential data (passwords, credit card or bank account data) through email, no serious institution/company will ever ask you to do that
• enter your identification data (userame and password) for an institution/company only on Web forms under its control, for example enter your Gaspar password only on Web servers with names ending in epfl.ch
• a hacker can easily fake the graphical look of your bank’s or an EPFL Web site, so don’t trust a Web form based only on its look
• if you have any doubt ask you computer support team or the VPSI computer security team (email [email protected])
• don’t trust the sender’s name or email address, it is easy to spoof
• be wary of messages that use an unusual language, for instance EPFL messages will never use german and your bank certainly knows the language that should be used to communicate with you

These are emails basically offering easy money, with many variations:

• you have won a lottery (Google’s, Microsoft’s or even that of the United Nations !)
• if you help the heir of the potentate of an exotic country to evade taxation you will get a handy part of it as a reward
• a company wants to refund you a sum of money because you have payed too much
• loans with a very low interest rate, without restrictions and without solvability checks

The scam resides in the fact that there will be fees upfront (notarial, for bank transfers and so on) for money that will never come your way.

What you should do with these scam messages:

• simply delete and ignore them
• don’t answer them or get in touch with the sender, even out of curiosity
• please don’t forward them to the computer security group or the EPFL ServiceDesk, they will be silently ignored

It may happen that members of the EPFL receive error messages (sometimes a great many of them) for emails that they have not sent. They may then think that their email account has been hacked or that their password has leaked. This is actually very rarely the case and the explanation is the following.

The sender’s address of emails is fairly easy to spoof (but the same thing is true with the good old paper+envelope mail, where I can write anything I want as return address on the back of the envelope). Spammers and virus writers are quite keen to do it, as it covers their tracks and confuses content filters.

While it is vexing enough to see one’s email address spoofed in this way, it is made even worse by receiving a lot of error messages for emails one has not sent, for instance when the spammer targeted an outdated email address or with a full mailbox. As spammers periodically use this trick, anyone can suddenly receive numerous such error messages.

What to do about these unwanted error messages: open a ticket

Many people use the word spam to cover any unpleasant message that they would prefer not to receive, but the exact definition is any advertising message sent to a great number of recipients.

At the EPFL, the Ironport anti-spam filter tries to block as many as possible of such messages, but it does happen that spam gets through and reaches your mailbox.

Report filter errors

• false negative (spam not retained): send the message as a forward as “attachment” to [email protected]
• false positive (message mistakenly retained as spam): first release the message and then send it as a “forward as attachment” to [email protected]

Not as frequently as a few year ago, hoaxes are from time to time spread by email. These are messages warning the recipients and asking them to spread and forward the message to their family, friends and colleagues (this point is the characteristics of the phenomenon), the warning being about e.g. a new virus, a missing, a conspiracy revealing the maliciousness of a minority group, and so on.

What to do if you receive a hoax message:

Please don’t spread this kind of message, they are generally initiated by pranksters. You may consult these sites that list known hoaxes:

• http://www.snopes.com
• https://home.mcafee.com/VirusInfo/VirusHoaxes.aspx
• http://www.hoaxbuster.com/ (in french)

if you find the hoax on one of these sites, you may want to tell it to the sender of the message.