Content:
Your SIPRI email account
Spam and phishing
Assume it is spam
Spam messages from a SIPRI-address
Consequences of a compromised account
If you have made a mistake
What can I do?
Your SIPRI email account
This email account is a professional tool and should be treated accordingly. Every time you send an email from your SIPRI address you are doing so in your official capacity as a SIPRI representative. Because of that you will also be a constant potential target for hackers looking to take over accounts to cause harm. Keeping your account safe is therefore part of the responsibility you have as a user, and the most important thing here is to make sure no one else can access it.
This page is a short introduction to the scams you will be subjected to, and what you as a user must watch out for. Please read this carefully!
Spam and phishing – what is the difference
Spam or junk mail is an unsolicited email that tries to sell you a product or service. Spammers send their messages to hundreds, thousands or even millions of email addresses at once with the hope that at least a few people will respond. Spam emails are mostly used for commercial advertising, often for dubious products, get rich quick schemes or quasi-legal services.
Phishing emails, on the other hand, are a specific type of spam, or a cyber crime, that tries to trick you into giving away your information, such as banking or credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss. Targeted emails with specific personal information related to your organisation or colleagues are sometimes referred to as spear phishing.
Common signs of phishing to watch out for
• inconsistencies in email addresses, links, and domain names
• grammar and spelling errors or even “wrong” language
• requests for personal details, credentials, and such
• there is a sense of urgency or even a threat
• suspicious attachments
• unusual requests, often from someone you know
Assume it is phishing
Be especially wary of ANY messages concerning your email account – as a rule assume it is spam even if it looks real! You do not have to confirm your email account to keep it alive. We would never ask you to click on a link, and never ever to follow that link and then log in with your username and password. If you are not sure – please ask us to confirm!
Spam messages from a SIPRI-address
Do not automatically trust an email that has a from address ending with @sipri.org – it might still be a fake. If you are not sure, look at the rest of the message for clues, and if still not sure, ask us!
Faking a sender address is called email spoofing, and it is unfortunately easy to do: it makes the email seem as if it was sent from a trusted address. So it is not a sign of anything having been hacked – the hackers are just trying to make the spam seem real.
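The clues in the rest of a message include its technical headers. The following is an added example, not SIPRI's own tooling: it flags a message whose From address claims @sipri.org while its other headers disagree. The function names and both sample messages are constructed for illustration, and it assumes the Authentication-Results header was written by the recipient's own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: claims to be from @sipri.org but was relayed elsewhere.
SPOOFED = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example;
 dkim=none; dmarc=fail header.from=sipri.org
From: "SIPRI IT" <support@sipri.org>
Reply-To: helpdesk@mailer.example
Subject: Confirm your email account

Your mailbox will be closed today unless you log in here.
"""
# Constructed sample: every header agrees with the From domain.
GENUINE = """\
Return-Path: <support@sipri.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=sipri.org;
 dkim=pass header.d=sipri.org; dmarc=pass header.from=sipri.org
From: "SIPRI IT" <support@sipri.org>
Subject: Planned maintenance

The mail server will be restarted on Saturday.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw, trusted_domain="sipri.org"):
    """List reasons to distrust a message whose From claims trusted_domain."""
    msg = message_from_string(raw)
    if domain_of(msg["From"]) != trusted_domain:
        return []  # not claiming our domain, so outside this check
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != trusted_domain:
            findings.append(f"{name} domain is {dom}, not {trusted_domain}")
    # Assumption: this header was added by the recipient's own mail server.
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{mech}=(\w+)", auth, re.IGNORECASE)
        result = found.group(1).lower() if found else "missing"
        if result != "pass":
            findings.append(f"{mech} result is {result}")
    return findings
```

In the spoofed sample SPF still passes, because SPF checks the Return-Path domain rather than the From address the reader sees; the mismatch shows up in the DMARC result and the differing Return-Path and Reply-To domains.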
Consequences of a compromised account
If a hacker gets hold of your email account it will commonly be used for sending further spam to every single address in our global address book. This in turn will lead to us getting more spam and to us being blacklisted, with bouncing emails as a result and several days of work to get us whitelisted again.
What to do if you have made a mistake
If you have clicked on a link and given your username/password, or think that you may have, you need to do two things as soon as possible: change your password and notify SIPRI IT (support@sipri.org) so that we can check your account and make sure it is safe. Failure to do so may result in the account being temporarily blocked – so please be in touch to help us keep our systems safe!
What can I do?
1. Be vigilant – think twice (at least) before clicking on any link in an email.
2. Do not click on ‘unsubscribe’ links in emails that come from unknown sources.
3. Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information.
4. Don’t ever click on a link in an email to go to your email account – and do not ever enter login details upon request.
5. Move the scam emails to the Junk folder to help the system learn.
6. Send examples to SIPRI IT for awareness (support@sipri.org) – we will send out warnings to all staff when so needed.