
News

Phishing attack

18 December 2023, sysinfo

Phishing mails are on the increase... Many are intercepted by anti-spam tools, but some manage to get past the various barriers in place. These are often the most credible.

The increase in Infostealer infections (information-stealing viruses) seen in recent months has led to numerous intrusions into the computer accounts of academic users. There have been some very recent cases at ENS. In some cases, these intrusions are used to send phishing e-mails which appear to the recipient to come from a university address, thus reinforcing trust. These phishing messages can take different forms:

  • a pseudo-circular referring to a site where authentication is required (current example: a circular from human resources management (abbreviated DRH in French) on the revaluation of salaries and retirement savings. The ENS was probably mistaken for an elementary school);
  • pseudo-alerts from an IT department (e.g. mailbox full, password to be changed, etc.);
  • a stressful summons to which you have to respond very quickly (current example: serious child pornography case).

But also customized versions such as:

  • mail which is a reply to a message you have sent or copied (during an intrusion, the contents of mailboxes, particularly the inbox, are often recovered).

For some time now, we’ve also been receiving empty e-mails (with no content) with a subject made up of groups of six-letter "words". There were some again last night.

Some tips to help distinguish phishing:

  • check the credibility of the link destination if one is indicated. To see this, move the mouse cursor over the link;
  • check the sender’s credibility (note: the sender’s apparent address (From: field) is not sufficiently checked for validity. This apparent sender address is very easy to modify (as easy as in a paper mail));
  • check the headers. The easiest way to see them is to ask for the source code to be displayed (ctrl-U with Thunderbird). Lines beginning with "Received:" allow you to follow the message’s progress in reverse order, from the point at which it was sent...
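
The header check from the last tip can be scripted. The following Python sketch is an added example, not part of the original notice: it lists the "Received:" hops oldest first and compares the From: domain with the Return-Path domain. The message, hosts and addresses in it are constructed.

```python
import email
from email.utils import parseaddr

# Constructed sample message: every host, address and ID below is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.univ.example (mx.univ.example [192.0.2.10])
\tby imap.univ.example with ESMTP id A1; Mon, 18 Dec 2023 09:00:05 +0100
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.univ.example with ESMTP id B2; Mon, 18 Dec 2023 09:00:03 +0100
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net with ESMTPA id C3; Mon, 18 Dec 2023 09:00:01 +0100
From: "Human Resources" <drh@univ.example>
To: user@univ.example
Subject: Salary revaluation

Please authenticate on the site below.
"""
MSG = email.message_from_string(RAW)


def received_path(msg):
    """Return the Received: hops oldest first (each relay prepends its own line)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # Unfold the header and drop the timestamp that follows the ';'.
        hops.append(" ".join(value.split()).split(";")[0])
    return hops


def domain(header_value):
    """Extract the lower-cased domain of the address in a From:/Return-Path: value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def sender_mismatch(msg):
    """True when the visible From: domain differs from the envelope sender domain."""
    shown, envelope = domain(msg.get("From")), domain(msg.get("Return-Path"))
    return bool(shown and envelope and shown != envelope)


if __name__ == "__main__":
    for n, hop in enumerate(received_path(MSG), 1):
        print(n, hop)
    print("From/Return-Path mismatch:", sender_mismatch(MSG))
```

A domain mismatch is only a reason to look closer, since mailing lists and bulk senders legitimately use another envelope domain. Only the Received: lines added by your own mail servers can be trusted; earlier ones are written by the sending side.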

Be very careful...

Numerous infections by Info-Stealer Trojan

19 October 2023, sysinfo

There is currently a very high number of computer infections by Info-Stealer Trojans. These viruses are information thieves. They steal login credentials, VPN access, cryptocurrency wallets, etc., as well as session cookies and other data stored in Internet browsers. Once exfiltrated, this data is used by cybercriminals for malicious purposes.

Infection can occur in a number of ways:

  • by downloading counterfeit software (versions not validated by legitimate publishers).
  • by downloading software extensions (plug-ins) offering additional functionalities to applications, video games, etc.
  • visiting booby-trapped websites. In some cases, it may simply be an advertisement displayed on the site.

When the infected program is installed, there is often a procedure that neutralizes the anti-virus.

In the event of infection, it is important to react very quickly:

  • stop using the infected workstation and disconnect it from the network until it has been reinstalled
  • change all passwords that have been saved on the computer or typed on it since the infection

In view of the scale of these contaminations and the major risks associated with them, the French Government (CyberMalveillance, National Police) has prepared an awareness sheet available here (in French).

Stay on your guard!

A chat tool at IBENS

5 June 2023, sysinfo

A chat tool is now available at IBENS. It is based on the Mattermost software tool.

The usage is quite simple. There are teams that bring members together. They can then exchange through public channels (all members of the group have access) or private channels (only designated members have access). The team administrator manages the members and the channels. A team has been created for each IBENS team. This team has the same name as the one we use on the IT platform. Other teams may be created in the future.

Getting started

To use this tool, you must have an account. Currently, it is independent of the LDAP repository used in the biology department, but we would like to have the possibility to associate it later. We therefore ask you to strictly follow these rules:

  1. Use the same login as your account in the biology department (usually your last name, or the first letter of your first name followed by the last name, limited to 8 characters and always without accents).
  2. For security reasons, use a specific password for this account.
  3. Use name.lastname at bio.ens.psl.eu as your email address (other forms @ens.psl.eu, @ens.fr, ... will be rejected).

Setting up a team

The first step is for the team leader to appoint an administrator for his or her group. The latter creates an account according to the rules stated above and informs us by email at sysinfo at bio.ens.psl.eu. At the IT platform level, we will assign him/her to the team and give him/her the administration rights for the group.

Member Registration

The team administrator sends an email message to members containing the link to invite them to join a team. The link is available in the main menu (three lines in the top left corner), item “Manage teams” then in the panel in the top right corner “Invite members”.

More complete documentation in French is available here.
