How to detect phishing mails
Emails are a practical and useful means of communication. However, they are often used by fraudsters to steal confidential data such as passwords or bank information. These so-called phishing emails pose a real risk. Not all of them can be automatically detected and stopped by technical email filters. This also means that phishing emails cannot be prevented from appearing in your mailboxes now and again.
Watch out for these emails
- Is the email particularly urgent?
- Does it require a fast response in order to profit from an especially lucrative offer?
- Does it require you to enter your password on a specific webpage to prevent being locked out of an account?
You already have an idea that such emails are usually phishing attacks. These emails try to tempt you to click on a link and enter confidential information on the webpage you are taken to.
- The warning signs of phishing attempts not only include urgency, but also frequent spelling or grammar mistakes,
- missing personal salutations or
- unusual sender addresses.
Unfortunately, there are now also deceptively real looking phishing mails, which are not recognisable at first glance. A healthy level of mistrust is therefore always appropriate in all cases.
What should I do if I receive spam or phishing in my mailbox?
Despite the existence of MailCleaner and monitoring tools it can happen that such emails end up in your mailbox. Help others to avoid this problem.
How to deal with spam
For ETH areas that are filtered by MailCleaner:
Forward the email as an attachment to the email address email@example.com.
Phishing & malware procedure
Forward the email as an attachment to the email address firstname.lastname@example.org.
This email address informs various ETH offices as well as those responsible for MailCleaner at the same time.
Forward as attachment
There is a possibility to do this with Outlook > More Actions > Forward as Attachment (see also the section “PDF Other Clients”).
Please do not forward spam or phishing mails as an email only. Please always as an attachment.Other Clients
- Forward emails as attachment (PDF)
- Web page Mail filter https://www.ethz.ch/services/en/it-services/catalogue/email-calendar/mailfiltering.html
If you have already clicked
If you have been taken in by a phishing email and clicked on the link, please contact your local IT support or ITS Service Desk immediately.
- IT Support Groups for the departments https://www.ethz.ch/services/en/it-services/service-desk/contacts-departments.html
- ITS Service Desk www.its.ethz.ch/servicedesk
Further information about IT Security
- ETH Zurich Web
- Information Security IT House Rules (brochure, available for order)
- PROTECT YOUR BRAINWORK. https://itsecurity.ethz.ch/en/#/protect_your_devices
Anja Harder, Chief IT Security Officer for IT Services
Fake Phishing Test & Microfibre Cloth
More about the fake phishing test offer and how you can get a microfiber cloth from the IT Security Initiative in the newsletter inside|out No. 18.