More than 1800 CERN employees fell into phishing test trap
CERN employees can also fall for fraudulent emails sent as part of phishing campaigns. On the website of the research centre, which is a stone’s throw from Geneva, the IT security team takes stock of the number of people caught in the latest annual prevention campaign.
On August 1, 2022, 22,731 emails with fake sender addresses ending in “cern.ch” were sent. At first glance, the messages appeared to contain important information, such as invoices to be matched, a signed contract or a report on Covid. “The emails contained a request to click a link to a login page, which asked for your username. When you provided this initial information, you were asked to enter your CERN password,” the IT security team explained in its summary.
The result: more than 1800 people clicked the link, fell into the trap and entered their username and password into the fake single sign-on page. According to the 2021 annual report, the research centre employs 2,676 staff members, 783 research associates, 710 students and 989 associates. CERN personnel are therefore asked to exercise more caution by, among other things, applying the “think before you click” principle and enabling two-factor authentication for their accounts.
By the way: the work of many phishing scammers is for nothing as soon as their emails are filtered out by the spam filter. You can find out how the scammers try to circumvent this problem here.