IT security at the University of Bern

E-Mail-Security: You've got mail.

We receive contact requests, account notifications, newsletters, documents, and lots more via email. Unfortunately, criminals try to trick us by mingling fraudulent messages into this flood of information.

Attacked by an email

While modern cyber threats can take different forms and delivery methods, email continues to be one of the primary approaches used by cyber attackers. This is because private and business communications via email seem personal but are not: anyone can send you an email - and anyone does.

Email attack scenarios typically try to trick you into doing something you shouldn't, like clicking on a link, opening a document, or transferring money, and they have one thing in common: you have to act right now! So to stop you from thinking too much, it's always urgent!

Scenario 1: Click here!

The attackers want you to visit a fake website to steal your login credentials or infect your computer with malware. Here are three examples of how they try to trick you:

Tempting offer: An iPhone for CHF 1.00; a lottery win; 80% discount on designer bags.

Threat: Your account will be deleted; your emails will be deleted; your account has been hacked.

Disguise: Your IT department, your bank, a friend, or a colleague.

Have you clicked? Don't worry.

  • Change your passwords.
  • Run your antivirus program.
  • Talk to your IT department.

More information

Phishing attempts to gain access to personal information about an Internet user through fake websites, emails, or short messages to commit identity theft.

Further information on phishing.

Social engineering is a common method of manipulating people so that they give up confidential information. The attack target is always the human.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than for you to try hacking their password (unless the password is really weak).

To obtain confidential information, attackers very often exploit a person's good faith, helpfulness, and uncertainty. From fake phone calls to people pretending to be someone else to phishing attacks, anything is possible.

Social networking sites have made social engineering attacks easier to conduct. For example, today's attackers can go to sites like LinkedIn and find all of the users that work at a company and gather plenty of detailed information that can be used to further an attack.

Further information on Social Engineering.

Spam email describes mass unsolicited emailing of promotional content that often contains infected attachments or links that lead to infected web pages.

Scenario 2: Open this document!

The attackers want you to visit a fake website to steal your login credentials or infect your computer with malware. Here are three examples of how they try to trick you:

Threat: You forgot to pay a bill (check the attachment!); you signed a contract.

Curiosity: A whistleblower shares secret information with you; someone shares salary or strategy information with you by accident.

Disguise: Julian Assange, any service provider, a debt collection company, a big bank, a well-known company, your company, or an applicant.

Have you opened a document? Don’t worry.

  • Delete the document properly.
  • Run your antivirus program.
  • Talk to your IT department.

More information

Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid for your system to work again.

Ransomware is a criminal moneymaking scheme, and the attackers can install the malicious software through deceptive links in an email message, instant message, or website. In addition, it has the ability to lock a computer screen or encrypt important, predetermined files with a password.

Typical attacks usually ask for $100 to $200. However, other attacks seek much more, especially if the attacker knows the data being held hostage can cause a significant direct financial loss to a company. As a result, cybercriminals who set up these scams can make big sums of money.

No matter what the scenario, even if the ransom is paid, there is no guarantee that computer users will be able to regain access to their systems. While some hackers direct victims to pay through Bitcoin, MoneyPak, or other online methods, attackers could also demand credit card data, adding another level of financial loss.

Don't pay the ransom: you may not get your files back even if you pay. In addition, a cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data.

In 2016, European police forces joined forces in the fight against ransomware. Read more on nomoreransom.org.

Detailed statistics about ransomware and the estimated financial damage it causes can be found here.

Spyware is a type of malware. It infiltrates your computing device, stealing data and sensitive information.

Spyware is used for many purposes. Usually, it aims to track your internet usage data, capture your credit card or bank account information, or steal your personal identity. Spyware is like a mirror for criminals. It monitors your internet activity, tracks your login and password information, and spies on your sensitive information.

Some spyware installs additional software or changes the settings. So it's important to use secure passwords and keep your devices updated.

Spyware can affect PCs, Macs, and iOS or Android devices. Although Windows operating systems may be more susceptible to attacks, attackers are becoming better at infiltrating Apple's operating systems as well.

Some common ways your computer can become infected:

  • Accepting a prompt or pop-up
  • Downloading software from an unreliable source
  • Opening email attachments from unknown senders
  • Pirating media such as movies, music, or games

A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network.

A Trojan seeks to deceive you into loading and executing the malware on your device by pretending to be the game you want or the song you like so much. You might also, for example, think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you've been fooled. The email is from a cybercriminal, and the file you clicked on - and downloaded and opened - has gone on to install malware on your device. Once installed, a Trojan can perform the action it was designed for.

Trojans usually are employed by cyber thieves and hackers trying to gain access to users' systems. They can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.

Malware (= malicious software) is the umbrella term for malicious programs that run unnoticed in the background on the user's device.

Put simply, malware is any piece of software written with the intent of damaging devices, stealing data, and generally causing a mess. Viruses, Trojans, spyware, rootkits, and ransomware are among the different kinds of malware.

Teams of hackers often create malware: usually, they're just looking to make money, either by spreading the malware themselves or selling it to the highest bidder on the Dark Web. However, there can be other reasons for creating malware, too - it can be used as a tool for protest, a way to test security, or even as a weapon of war between governments.

More about malware.

Scenario 3: Transfer money!

The attackers want you to transfer money, either to a Western Union bank or using bitcoin. Here are three examples of how they try to trick you:

Threat: A very important project will fail, you'll be fired, or very personal information will be disclosed if you don't transfer the money; contact will stop if you don't transfer the money.

Tempting offer: After investing a small amount of money, you'll get a lot more in return; a friend needs your help.

Disguise: A friend, your supervisor, a prince, a supplier, or a bank employee.

Have you transferred money? Don’t worry.

  • Talk to your bank.
  • Stop communicating with the attacker immediately.
  • Report the incident to the police.

More information

CEO fraud is a sophisticated email scam that cybercriminals use to trick employees into transferring money or providing them with confidential company information.

Cybercriminals send savvy emails impersonating the company CEO or other company executives and ask employees, typically in HR or accounting, to help them out by sending a wire transfer. Often referred to as Business Email Compromise (BEC), this cybercrime uses spoofed or compromised email accounts to trick email recipients into acting.

CEO fraud is a social engineering technique that relies on winning the trust of the email recipient. The cybercriminals behind CEO fraud know that most people don't look at email addresses very closely or notice minor differences in spelling.

These emails use familiar yet urgent language and make it clear that the recipient is doing the sender a big favor by helping them out. Cybercriminals prey on the human instinct to trust one another and on the desire to help others.

“To spoof” means to trick or deceive and is an apt description. For example, criminals send emails with the intent to deceive recipients with phishing or blackmail schemes.

This is done, for example, by sending emails from fake sender addresses, which may look like trusted and known sender addresses. Cybercriminals register domains for this purpose that are very similar to the imitated sender addresses and, at first glance, do not raise any suspicions.

Another method used by hackers is the manipulation of email headers. Here, the Sender field is changed so that it is hard, or impossible, to distinguish it from the original.

This allows the sender to send messages that appear to come from a known or trustworthy source, in some cases even from your own account.
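The spoofing tricks described above leave traces in the message headers that a mail filter or an analyst can check. The following is an added example, not code from the University of Bern: it parses a message and reports a lookalike sender domain, a display name that shows a different address than the real sender, and a Reply-To that points elsewhere. The trusted domain list, the edit-distance threshold of 2, the function names, and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organisation really sends from (constructed values).
TRUSTED_DOMAINS = ("university.example", "bank.example")

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_signals(raw_message):
    """Return (code, detail) pairs for the spoofing tricks described above."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg["From"] or "")[0]
    from_domain = domain_of(msg["From"])
    signals = []
    # 1. Registered lookalike: close to a trusted domain but not identical.
    if from_domain and from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(from_domain, trusted) <= 2:
                signals.append(("lookalike-domain", f"{from_domain} vs {trusted}"))
    # 2. Display name shows one address while the real sender is another.
    shown = domain_of(display_name)
    if shown and shown != from_domain:
        signals.append(("display-name-mismatch", f"{shown} shown, {from_domain} used"))
    # 3. Replies are silently routed to a different domain.
    reply = domain_of(msg["Reply-To"])
    if reply and reply != from_domain:
        signals.append(("reply-to-mismatch", f"{reply} vs {from_domain}"))
    return signals

# Constructed sample messages (not real mail).
LOOKALIKE = "From: IT Service <helpdesk@universlty.example>\nReply-To: box@mailbox.example\nSubject: Urgent\n\nhi"
DISPLAY = 'From: "dean@university.example" <someone@mailbox.example>\nSubject: Favor\n\nhi'
GENUINE = "From: IT Service <helpdesk@university.example>\nSubject: Maintenance\n\nhi"
```

An empty result does not prove a message is genuine: a compromised real account passes all three checks, which is why the "check back" tip still applies.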

Tips

1. Take your time: Any time something is urgent, take a deep breath and reflect a moment before you click on a link, open a document, or transfer money. Do a reality check!

2. Reality check: If something is too good to be true, it usually is - especially on the Internet. Ask yourself if the request or opportunity sent to you via email is realistic. Did I even enter a lottery? Would any designer sell its bags for this incredibly low price? Why would a whistleblower send me documents?

3. Check back: If the reality check does not provide clarity, check back. Is it a suspicious message from your bank? Call your bank. Is it a message from your supervisor? Talk to your supervisor. Is it a bill or contract from a company you know? Call that company.

General protection rules:

  • If you receive an attachment from someone you don't know, don't open it: delete it immediately. You should also be cautious of attachments from friends or family if you are not expecting them: their email accounts could be infected or their email address forged.
  • Hover your mouse over links before you click on them to see if the URL looks legitimate.
  • Instead of clicking on links, open a new browser and manually type in the address.
  • Don't give your email address to sites you don't trust.
  • Don't post your email address to public websites or forums: spammers often scan these sites for email addresses.
  • Understand that reputable businesses will never ask for personal information via email.
  • Google a suspicious email address to see if others received it too and identified it as legitimate or illegitimate.