Recommendations for Defending Against Targeted Cyber Threats
Steps individuals can take to reduce risk of exposure to malware include the following:
- Be vigilant concerning all e-mails, web links, and files, especially during sensitive times such as political anniversaries. In particular, carefully assess the authenticity of any such materials referencing sensitive subject matter relevant to your community, or containing misspellings or unusual diction.
- Carefully examine the sender’s email address. If the address uses an account name that appears official but originates from a common webmail provider (e.g. Gmail), or incorporates minor variations or unexpected characters compared with a typical address, consider it a spoofing attempt. Do not access any material included in that email without independently verifying that the actual person in question sent it (do not reply to the same email address from which the email originates -- use telephone calls or research the official email address).
- Never open unexpected or unsolicited attachments. If the attachment is not essential to your work or represents information you can obtain elsewhere (such as through an online search for a particular report or issue), immediately delete it. If you are using Gmail, you can click “View” to view some attachments in your web browser instead of downloading the file to your computer. All file types may contain malware, but be especially wary of .exe, .scr, .zip, and .rar files. If it is essential that you open the file, try to independently confirm with the actual person who appears to have sent it that the file is legitimate. Additionally, running the file through https://www.virustotal.com/ may help identify files containing malware (though it will not catch zero-day exploits). To perform such a scan, drag or copy the file to your desktop without opening it, and then upload it to the VirusTotal website. The website will provide a summary of the scan results.
- Never click on unverified links. As with attachments, if the link is not essential to your work or represents information you can obtain elsewhere (such as through an online search), immediately delete it. Keep in mind that hyperlinks that appear to lead to legitimate sites may in fact mask an underlying malicious web link. In most email programs, if you hover over a hyperlink without clicking, it will show you the actual link as a tooltip (text that briefly appears next to the mouse cursor), or, in the case of webmail, in the status bar of your browser. Suspicious links might have an IP address instead of a domain (e.g. http://10.0.3.10/something.html instead of http://example.com/something.html) or the URL may not match the website to which you expect it to link. If the text of the link in the email does not match the underlying link, there is a good chance the linked page is malicious.
- Keep your computer’s operating system, applications and anti-virus program up to date and ensure you have the latest security updates and patches.
- Be aware of mobile malware. More and more malware released nowadays is designed for mobile phones. Do not download apps that you don’t need, as many apps available in open markets contain malware. There are also projects developing applications to help mobile users protect their communications and personal data from intrusion and monitoring.
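
The two link warning signs described above (an IP address in place of a domain, and link text that does not match the underlying link) can be checked automatically on the HTML body of a message. The following Python code is an added example, not part of the original recommendations; the names `LinkCollector`, `host_of` and `suspicious_links` and the sample HTML are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    try:  # lower-cased host without a leading "www.", or "" if unparsable
        return (urlsplit(url).hostname or "").lower().removeprefix("www.")
    except ValueError:
        return ""

def suspicious_links(html):
    """Return (href, reason) pairs; text is compared only if it looks like a URL or domain."""
    findings, collector = [], LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        host = host_of(href)
        try:
            ipaddress.ip_address(host)
            findings.append((href, "ip-address-host"))
        except ValueError:
            pass  # host is a name (or empty), not an IP literal
        looks_like_url = "." in text and " " not in text
        shown = host_of(text if "://" in text else "//" + text) if looks_like_url else ""
        if shown and shown != host:
            findings.append((href, "text-does-not-match-link"))
    return findings

# Constructed sample HTML body (not taken from a real message).
SAMPLE = (
    '<a href="http://example.com/something.html">www.example.com/something.html</a>'
    '<a href="http://10.0.3.10/something.html">http://example.com/something.html</a>'
    '<a href="http://example.org/login">example.com</a>'
    '<a href="http://example.com/report">Read the report</a>')
```

Link text that merely resembles a domain (for example a file name such as report.pdf) is also flagged, so treat each finding as a prompt to verify the link independently rather than as proof that it is malicious.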
If you are part of a human rights organization and are interested in participating in the Citizen Lab’s ongoing study of targeted cyber threats, please contact us at hrthreats[AT]citizenlab.org.