From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <laurent.le_pendeven@inria.fr>
Received: from mail3-smtp-sop.national.inria.fr (mail3-smtp-sop.national.inria.fr [192.134.164.98])
	by sympa.inria.fr (Postfix) with ESMTPS id C6B857F3B1;
	Fri, 21 Feb 2020 09:35:58 +0100 (CET)
X-IronPort-AV: E=Sophos;i="5.70,467,1574118000"; 
   d="p7s'?scan'208,217";a="339935831"
Received: from pcsic-llpold.paris.inria.fr (HELO [128.93.93.11]) ([128.93.93.11])
  by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES128-SHA; 21 Feb 2020 09:35:07 +0100
From: Laurent Le Pendeven <laurent.le_pendeven@inria.fr>
Reply-To: dsi.soc@inria.fr
Message-ID: <2c64b8ae-ba07-4c1e-c7f9-e19468b73f2b@inria.fr>
Date: Fri, 21 Feb 2020 09:35:07 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.4.1
MIME-Version: 1.0
To: destinataires inconnus: ;
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms080904040104020307090209"
Subject: [Caml-list] =?UTF-8?Q?URGENT_/_IMPORTANT_=3A_Vous_avez_=C3=A9t?=
 =?UTF-8?Q?=C3=A9_cibl=C3=A9_par_un_phishing_/_You_have_been_targeted_by_p?=
 =?UTF-8?Q?hishing?=

This is a cryptographically signed message in MIME format.

--------------ms080904040104020307090209
Content-Type: multipart/alternative;
 boundary="------------A7BA6224C8FE38F9244B7E29"
Content-Language: fr-FR

This is a multi-part message in MIME format.
--------------A7BA6224C8FE38F9244B7E29
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

[ENGLISH BELOW] Bonjour,

Le 17/02/2020 un message frauduleux a =C3=A9t=C3=A9 envoy=C3=A9 =C3=A0 un c=
ertain nombre=20
d'utilisateurs Inria.

Ce message, qui avait pour sujet "Avis urgent !!", demandait =C3=A0 ses=20
destinataires de saisir leurs identifiants Inria.

Nous avons d=C3=A9tect=C3=A9 que vous avez pu recevoir ce message.

Merci de nous faire savoir si=C2=A0:

- vous avez saisi vos identifiants Inria

*Ne r=C3=A9pondez au pr=C3=A9sent mail que si et seulement si=C2=A0 vous av=
ez saisi vos=20
identifiants*

Dans le cas o=C3=B9 vous auriez communiqu=C3=A9 vos identifiants Inria, il =
faut=20
imp=C3=A9rativement modifier votre mot de passe Inria dans les plus brefs=20
d=C3=A9lais.

Nous vous invitons =C3=A0 signaler =C3=A0 l'adresse cert@inria.fr ou via le=
=20
helpdesk (https://helpdesk.inria.fr/categories/93/submit) tout mail vous=20
semblant suspect re=C3=A7u dans votre bo=C3=AEte professionnelle et vous de=
mandant=20
de cliquer sur un lien ou de saisir vos identifiants Inria.

Votre correspondant s=C3=A9curit=C3=A9 SI (CSSI) de centre est =C3=A9galeme=
nt=20
disponible en cas de doute sur un incident potentiel de s=C3=A9curit=C3=A9=
=20
informatique. La liste des CSSI se trouve ici=C2=A0:=20
https://intranet.inria.fr/Inria/Directions/Direction-generale/Securite-Defe=
nse/Securite-informatique=20


Ici un article expliquant comment se prot=C3=A9ger du phishing=C2=A0:=20
https://intranet.inria.fr/Actualite/Comment-se-proteger-du-phishing

Merci par avance de votre retour (seulement si vous =C3=AAtes dans un des=20
deux cas ci-dessus),

Le service DSI-SOC.


Hello,

On 2020/02/17 a fraudulent message was sent to a number of Inria users.

The message, which was about "Avis urgent !!", asked its recipients to=20
enter their Inria credentials.

We have detected that you may have received this message.

Please let us know if:

- you have entered your Inria credentials

*Reply to this email if and only if you have entered your Inria=20
credentials. *

In the event that you have provided your Inria credentials, it is=20
essential to change your Inria password as soon as possible.

We invite you to report to cert@inria.fr any suspicious e-mails received=20
in your business mailbox asking you to click on a link or enter your=20
Inria credentials.

Your centre IT security correspondent (CSSI) is also available in case=20
of doubt about a potential IT security incident. The list of CSSI can be=20
found here:=20
https://intranet.inria.fr/Inria/Directions/Direction-generale/Securite-Defe=
nse/Securite-informatique=20


Here is an article that explains how to protect from phishing emails=C2=A0:=
=20
https://intranet.inria.fr/Actualite/Comment-se-proteger-du-phishing

Thank you in advance for your return (only if you are in one of the two=20
cases above),


The IT Security Service (DSI-SOC).

___________________________________________________________________________=
_____________________________=20


Le mail frauduleux / The fraudulent email=C2=A0:

*De: *"Petra Brenig-Klein" <Petra.Brenig-Klein@Erzbistum-Koeln.de>

    *Envoy=C3=A9: *Lundi 17 F=C3=A9vrier 2020 13:33:27
    *Objet: *Avis urgent !!

*Avertissement !!!*
*
Votre mot de passe expirera dans 2 jours, pour conserver votre mot de=20
passe: **Cliquez ici

Service Web 2020.*



--------------A7BA6224C8FE38F9244B7E29
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>

    <meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUTF-8=
">
  </head>
  <body>
    <p>[ENGLISH BELOW]
      Bonjour,
    </p>
    <p>Le 17/02/2020 un message frauduleux a =C3=A9t=C3=A9 envoy=C3=A9 =C3=
=A0 un certain
      nombre d'utilisateurs Inria.
    </p>
    <p>Ce message, qui avait pour sujet "Avis urgent !!", demandait =C3=A0
      ses destinataires de saisir leurs identifiants Inria.<br>
    </p>
    <p>Nous avons d=C3=A9tect=C3=A9 que vous avez pu recevoir ce message.
    </p>
    <p>Merci de nous faire savoir si=C2=A0:</p>
    <p>=C2=A0
      - vous avez saisi vos identifiants Inria <br>
    </p>
    <p><b><font color=3D"#ff2900">Ne r=C3=A9pondez au pr=C3=A9sent mail que=
 si et
          seulement si=C2=A0 vous avez saisi vos identifiants</font></b><br>
    </p>
    <p>Dans le cas o=C3=B9 vous auriez communiqu=C3=A9 vos identifiants Inr=
ia, il
      faut imp=C3=A9rativement modifier votre mot de passe Inria dans les
      plus brefs d=C3=A9lais.=C2=A0
    </p>
    <p>Nous vous invitons =C3=A0 signaler =C3=A0 l'adresse <a class=3D"moz-=
txt-link-abbreviated" href=3D"mailto:cert@inria.fr">cert@inria.fr</a> ou vi=
a le
      helpdesk (<a class=3D"moz-txt-link-freetext" href=3D"https://helpdesk=
.inria.fr/categories/93/submit">https://helpdesk.inria.fr/categories/93/sub=
mit</a>) tout
      mail vous semblant suspect re=C3=A7u dans votre bo=C3=AEte profession=
nelle
      et vous demandant de cliquer sur un lien ou de saisir vos
      identifiants Inria.
    </p>
    <p>Votre correspondant s=C3=A9curit=C3=A9 SI (CSSI) de centre est =C3=
=A9galement
      disponible en cas de doute sur un incident potentiel de s=C3=A9curit=
=C3=A9
      informatique. La liste des CSSI se trouve ici=C2=A0:
      <a rel=3D"nofollow" class=3D"external free"
href=3D"https://intranet.inria.fr/Inria/Directions/Direction-generale/Secur=
ite-Defense/Securite-informatique">https://intranet.inria.fr/Inria/Directio=
ns/Direction-generale/Securite-Defense/Securite-informatique</a>
    </p>
    <p>Ici un article expliquant comment se prot=C3=A9ger du phishing=C2=A0:
      <a rel=3D"nofollow" class=3D"external free"
href=3D"https://intranet.inria.fr/Actualite/Comment-se-proteger-du-phishing=
">https://intranet.inria.fr/Actualite/Comment-se-proteger-du-phishing</a>
    </p>
    <p>Merci par avance de votre retour (seulement si vous =C3=AAtes dans un
      des deux cas ci-dessus),
    </p>
    <p>Le service DSI-SOC. <br>
    </p>
    <p><br>
    </p>
    <p>Hello,
    </p>
    <p>On 2020/02/17 a fraudulent message was sent to a number of Inria
      users.
    </p>
    <p>The message, which was about "Avis urgent !!", asked its
      recipients to enter their Inria credentials.
    </p>
    <p>We have detected that you may have received this message.
    </p>
    <p>Please let us know if: <br>
    </p>
    <p>- you have entered your Inria credentials <br>
    </p>
    <p><b><font color=3D"#ff2900">Reply to this email if and only if you
          have entered your Inria credentials.
        </font></b></p>
    <p>In the event that you have provided your Inria credentials, it is
      essential to change your Inria password as soon as possible.
    </p>
    <p>We invite you to report to <a class=3D"moz-txt-link-abbreviated" hre=
f=3D"mailto:cert@inria.fr">cert@inria.fr</a> any suspicious e-mails
      received in your business mailbox asking you to click on a link or
      enter your Inria credentials.
    </p>
    <p>Your centre IT security correspondent (CSSI) is also available in
      case of doubt about a potential IT security incident. The list of
      CSSI can be found here:
      <a rel=3D"nofollow" class=3D"external free"
href=3D"https://intranet.inria.fr/Inria/Directions/Direction-generale/Secur=
ite-Defense/Securite-informatique">https://intranet.inria.fr/Inria/Directio=
ns/Direction-generale/Securite-Defense/Securite-informatique</a>
    </p>
    <p>Here is an article that explains how to protect from phishing
      emails=C2=A0:
      <a rel=3D"nofollow" class=3D"external free"
href=3D"https://intranet.inria.fr/Actualite/Comment-se-proteger-du-phishing=
">https://intranet.inria.fr/Actualite/Comment-se-proteger-du-phishing</a>
    </p>
    <p>Thank you in advance for your return (only if you are in one of
      the two cases above),
    </p>
    <p><br>
      The IT Security Service (DSI-SOC). <br>
    </p>
    <p>____________________________________________________________________=
____________________________________
      <br>
    </p>
    <p>Le mail frauduleux / The fraudulent email=C2=A0: <br>
    </p>
    <div><b>De: </b>"Petra Brenig-Klein"
      <a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:Petra.Brenig-Klein@=
Erzbistum-Koeln.de">&lt;Petra.Brenig-Klein@Erzbistum-Koeln.de&gt;</a><br>
      <div class=3D"message-stanza open">
        <blockquote>
          <b>Envoy=C3=A9: </b>Lundi 17 F=C3=A9vrier 2020 13:33:27<br>
          <b>Objet: </b>Avis urgent !!<br>
        </blockquote>
      </div>
    </div>
    <b><span style=3D"font-family:Corbel,Skia,sans-serif">Avertissement
        !!!</span></b><br>
    <div
style=3D"font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-se=
rif;"
      dir=3D"ltr">
      <div>
        <div dir=3D"ltr" style=3D"font-size: 12pt; color: rgb(0, 0, 0);
          font-family: Calibri, Helvetica, sans-serif,
          &quot;EmojiFont&quot;, &quot;Apple Color Emoji&quot;,
          &quot;Segoe UI Emoji&quot;, NotoColorEmoji, &quot;Segoe UI
          Symbol&quot;, &quot;Android Emoji&quot;, EmojiSymbols;">
          <div><b>
              <br>
              <span style=3D"font-family:Corbel,Skia,sans-serif">Votre mot
                de passe expirera dans 2 jours, pour conserver votre mot
                de passe:
              </span></b><b>Cliquez ici<br>
              <br>
              <span style=3D"font-family:Corbel,Skia,sans-serif">Service
                Web 2020.</span></b></div>
          <br>
        </div>
      </div>
    </div>
    <p><br>
    </p>
  </body>
</html>

--------------A7BA6224C8FE38F9244B7E29--

--------------ms080904040104020307090209
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: Signature cryptographique S/MIME

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG
9w0BBwEAAKCCCmYwggUAMIID6KADAgECAhADS+4XH7fhBjcv1HJCQL0qMA0G
CSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0Rp
Z2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xNDExMTgxMjAwMDBaFw0y
NDExMTgxMjAwMDBaMGkxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1I
b2xsYW5kMRIwEAYDVQQHEwlBbXN0ZXJkYW0xDzANBgNVBAoTBlRFUkVOQTEd
MBsGA1UEAxMUVEVSRU5BIFBlcnNvbmFsIENBIDMwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDGpbsfVYL0pTRyFHJlm1/V6qBo2JuCiU9TYpx7
jM4O2tQyDq8bjMum69vg6wM0lMGHflMgqB75GxeKfQFmEldoXi2cLishqFUv
U2cJeM3SaRsLk2BsuCgTzh9NsYgmrUX60KHOq7eYKVZxbPFWJF2nMOBuMXNu
2qBXTGSLeLXHnNvG3r7TLzGg1oA5teAxQE6Eo8ySSeIXbP7wZB76urwlh51P
IbrJZjkDjdQVELh7OlTP1WO6T/Hf6BsEfeFcpoa1e+MW/lw0VetTPPHQ15HY
KYP2WYohHxzDiC+QUwE7UZVBlp9cXIpwHuDzSibc5RG3z0n/j2SQCx0Dk5FM
AUErAgMBAAGjggGmMIIBojASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
/wQEAwIBhjB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
Y3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMu
ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYD
VR0fBHoweDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lD
ZXJ0QXNzdXJlZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDQuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDA9BgNVHSAE
NjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl
cnQuY29tL0NQUzAdBgNVHQ4EFgQU8CHpSXdzn4WuGDvoUnAUBu1C7sowHwYD
VR0jBBgwFoAUReuir/SSy4IxLVGLp6chnfNtyA8wDQYJKoZIhvcNAQELBQAD
ggEBADrCGyv+Y967YbS5R6j8fAWxJiAiUZvIPfn1xVgesF6jspwCQY8xGn/M
G04d+Jh97I8I/Xfx29JEEFq2rQmw4PxiO9RiDZ7xoDxNd4rrRDR7jrtOKQP8
J+o+ah0vSOP62hnD/zPS7NRMtIyVS2G277KAL5fIR62ngr984fmJghDv0bsj
GAmeu3EP0xhUsDJT61IoAGoKBnxBPAeg3WXsdSm4Gn7btyvakeyFtYebr2Km
OBSa28PRqGSDur56aZhJoM2eMzc6prmvGwwtAzRsc5t2OsKRuHWV6O3anP2K
27jGZR2bi1VX1NQUvIbpVNTuwjm+XcZtsa/AAJF9KGkEseAwggVeMIIERqAD
AgECAhAK1D6MDcaHOx870eeLeCM6MA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
BAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1Ib2xsYW5kMRIwEAYDVQQHEwlBbXN0
ZXJkYW0xDzANBgNVBAoTBlRFUkVOQTEdMBsGA1UEAxMUVEVSRU5BIFBlcnNv
bmFsIENBIDMwHhcNMTkxMTE4MDAwMDAwWhcNMjIxMTE4MTIwMDAwWjCBjTEL
MAkGA1UEBhMCRlIxFTATBgNVBAcTDFJvY3F1ZW5jb3VydDFJMEcGA1UEChNA
SW5zdGl0dXQgTmF0aW9uYWwgZGUgUmVjaGVyY2hlIGVuIEluZm9ybWF0aXF1
ZSBldCBlbiBBdXRvbWF0aXF1ZTEcMBoGA1UEAxMTTGF1cmVudCBMRSBQRU5E
RVZFTjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKFGJV+fLY88
Eb+/yGxPRKGIJbnJhD206l/AvoHaaoQwpxr9ntw5+1U7Aos1MLJVhcVE3jJH
XZO4kqh5BbqX+sjdqgW4TLsvvRTmUnQix4VurxxaxxnbJg03Qt+cIur88Q/L
Xdtvv9Xg8+8zGAJcpspsepSMC8tZvMV9pDiEG0V6AvMoNSaDuzPdk/PaJAQR
0Xy+Up6A0zXnrIuJqAKrhUJU2HoUTQFvBr7IvrfCnt4h9AWDUvS8uLijM3/3
GHQIx/D9y/Kf/67op+XCLVxlhtiT32i2nSGQJA8W417jd1AzA393p0UFGC+j
W62mTK1yjJp4g8eoSp1RM1tXeiIIyF8CAwEAAaOCAdswggHXMB8GA1UdIwQY
MBaAFPAh6Ul3c5+Frhg76FJwFAbtQu7KMB0GA1UdDgQWBBQN7buNJDhoQ8ve
8lwdJpiZtf3uUTAMBgNVHRMBAf8EAjAAMCcGA1UdEQQgMB6BHExhdXJlbnQu
TGVfUGVuZGV2ZW5AaW5yaWEuZnIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMCBggrBgEFBQcDBDBDBgNVHSAEPDA6MDgGCmCGSAGG/WwE
AQIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
UzB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20v
VEVSRU5BUGVyc29uYWxDQTMuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdp
Y2VydC5jb20vVEVSRU5BUGVyc29uYWxDQTMuY3JsMHMGCCsGAQUFBwEBBGcw
ZTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMD0GCCsG
AQUFBzAChjFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vVEVSRU5BUGVy
c29uYWxDQTMuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQCEU5+M2gAW4gNaK9W4
rlYEliw+MvTS3CaXqbHmYaptDMYqnLh9AXnbpA3nKMpRlu/G+UYjMp2Msuob
d/dTzqjpDliuPrqvBZegsIA2cDn268gB8TsOWOmgbcf15LY7w1nEFiHeV5Sh
nuLGwK0k/UfxN+pfVtch7ZSubt2ahUiqaRAgjdmhUkxEJ+Ru+wgWmkbvP8YX
sE176QMtkC2dp4Z52PFWSn47Wlx3lxOktNt/db8s6ntQHZchS7ye0iQs3Vd/
YpGRc53DFrKc+uzAQwocIJ5Ycfwxh/a++A3B/TubEiIgabiVYMwimmqKgmEd
ZP+k2JQcrCR3pzMYOEjGOCH/MYIDozCCA58CAQEwfTBpMQswCQYDVQQGEwJO
TDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt
MQ8wDQYDVQQKEwZURVJFTkExHTAbBgNVBAMTFFRFUkVOQSBQZXJzb25hbCBD
QSAzAhAK1D6MDcaHOx870eeLeCM6MA0GCWCGSAFlAwQCAQUAoIIB9zAYBgkq
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDAyMjEw
ODM1MDdaMC8GCSqGSIb3DQEJBDEiBCD4FKtTuPVEaNGxI+QODp9BUVgs4iAt
bNkxERiLeboLXjBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglg
hkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3
DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGMBgkrBgEEAYI3EAQx
fzB9MGkxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1Ib2xsYW5kMRIw
EAYDVQQHEwlBbXN0ZXJkYW0xDzANBgNVBAoTBlRFUkVOQTEdMBsGA1UEAxMU
VEVSRU5BIFBlcnNvbmFsIENBIDMCEArUPowNxoc7HzvR54t4IzowgY4GCyqG
SIb3DQEJEAILMX+gfTBpMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQt
SG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkEx
HTAbBgNVBAMTFFRFUkVOQSBQZXJzb25hbCBDQSAzAhAK1D6MDcaHOx870eeL
eCM6MA0GCSqGSIb3DQEBAQUABIIBAD88/GgftvN4Xn2xnIC3WCrVDHUjc4fK
gaSJYsctpbgd9ONnnUWyXXdBwsafVFsPgmc8aDPdQJGBbfKTx8R3Ngg/bj2J
EecBTwFpNIkF+rRdkV7paHaXIrzBHmlRvTcj9sbHtoGtpgyb2Lsttsam/xLp
BgOOJ7dMgYlYUGJefYGji8yQHmB2ZqFaoUNopMAMP4M/7fHWr5wL4c7V8GCq
AYw+RL9hBdPgs9z+EGviszVoq8P8hB87rBP+eVzRDmY8mBvhDDWwt6Y/qaGi
K9gTw1vBO+Fg1e3CeYprG1t1cMi34daOAHGU+ARON1aeP2jQMCSEgeCPh9MG
E6yWh5zGrOwAAAAAAAA=

--------------ms080904040104020307090209--