Voir en


Computer Security: Wrong link, wrong login, and BOOM


Clicking on a malicious link or attachment, or disclosing your password in reply to a malignant email or on a fake and nasty CERN Single Sign-On page, are two major attack vectors for the evil side to infiltrate CERN. That’s why the Computer Security team is testing you again (see here) and again (see here) with its clicking campaigns (and see here). The aim of these campaigns is to introduce you to the drawbacks of the email protocol (“E-mail is broken and there is nothing we can do”), make you aware of the threats of so-called social engineering (“Got a call from "Microsoft"? The social way of infecting your PC”), and enable you to detect the less sophisticated emails designed by attackers to make you click and infect your computer or lose your password (“Click and infect”).

While we have had lots of positive feedback –

home.cern,Computers and Control Rooms

– and also some good, constructive – and sometimes less constructive – feedback, it seems that you’re getting used to these campaigns.

home.cern,Computers and Control Rooms

Some special species at CERN even impatiently look forward to our campaigns, race to be the first to click and get in touch with us :) or disclose their discovery via internal communication channels :(.

home.cern,Computers and Control Rooms

These clicking campaigns may be “predictable” and “annoying”. Still, they follow the recommendations of the French government and good industry practices. Importantly, the vast majority of the feedback we got was positive. People who identified the spam emails correctly were glad and pleased to have succeeded. And those who did click appreciated the reminder that the online world can be evil. Hopefully, they won’t click next time! Remember what’s at stake: CERN’s operations and reputation! After all, a security report shows that about 24% of incidents have a malicious email as the initial vector. And attachments are a very common way to pown multimillion companies (see here and here). It would be great if, together, we could spare CERN from such nasty surprises.

So, please watch out and check any email before answering, opening attachments or clicking on embedded links:

home.cern,Computers and Control Rooms

Similarly, make sure that you enter your CERN password only on either the new or old CERN Single Sign-On pages, https://auth.cern.ch and https://login.cern.ch, respectively:

home.cern,Computers and Control Rooms

Help us to protect the Organization. STOP – THINK – DON’T CLICK. And, ideally, opt into our multi-factor authentication pilot, which provides the silver bullet to protect your account. And, if you happen to have received a suspicious email, just delete it and/or report it to us at Computer.Security@cern.ch. For more information on how to recognise malicious emails, check out our general recommendations.


Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.