location: Diff for "email/phishing"

Institute of Mathematics - PublicMathWiki:

Differences between revisions 40 and 74 (spanning 34 versions)
Revision 40 as of 2015-08-17 20:24:19
Size: 14928
Editor: crose
Comment:
Revision 74 as of 2021-02-02 16:02:44
Size: 3824
Editor: eseide
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
 * Latest phising emails.
 * Please:
  * ignore or best delete, such email,
  * feel free to append received phishing mails here,
   * attention: remove any URLs from the text before saving.
== I received a phishing mail: What to do? ==
 * Delete it.
Line 8: Line 5:
<<TableOfContents>> == I received a mail and I'm unsure if it is a phishing mail ==
 * Check our IT news: https://math.uzh.ch/li - we're publishing phishing mails there, as soon as we're aware of it.
  * Thinlinc: upper right corner you find our IT News channel. Blinking means there are new messages: right click on it to see the headlines, left click opens the channel in a browser. {{attachment:news.png}}
  * Announcements starting with '[Phishing] ...' means: '''this is a phishing mail, delete it'''.
Line 10: Line 10:
== Subject: storage Upgrade Request ==
 * Date: 17.8.15
 * Sender: info@helpdesk.com
 {{{
Hi &email&,
Please notice we suspect your email account being running a low memory.
 * Move the mouse over any given URL. Is the URL in the mail and the real URL (shown in the lower left corner) identical? Yes: that's a good sign.
 * Do you know the URL? Yes: good sign (be very picky with comparing the URL).
 * Best is '''not''' to click on any URL in the mail. Instead use your bookmarks or type the URL manually - but not the one from the email! Use google to search for the correct website.
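Review bot: The added bullet ends with "Use google to search for the correct website", which sends readers to a list of search results without saying how to pick the official site from it. The bullet above already asks them to "be very picky with comparing the URL", so consider ending this one at bookmarks or manual typing, or naming the official entry page they should start from.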
Line 17: Line 14:
For safety reasons we have temporary signed you out.  * If you found nothing suspicious but you're still unsure: forward the mail to support@math.uzh.ch and ask us if it is reliable or a phishing mail.
Line 19: Line 16:
Upgrade Here/slowFAST/others/ &email&?valid=sign_in_SS == What is a phishing mail? ==
An attacker tries to get your username/password by providing a website with a login box. Such a site will save your credentials. They often look identical to known websites.
Line 21: Line 19:
No further action is necessary; this is just a notification for your account safety, just follow the above link and Sign Back in to strengthen your account and Continue your free usage.
Have a great day!
== What happens if I provided my credentials to a phishing site? ==
 * Thousands of people will receive spam, cause your credentials will be misused to send spam. You're '''reponsible''' for this!
 * The UZH will be marked as 'spammer' - UZH mail will be marked as potential spam or the receiving of UZH mail is completely '''denied'''.
 * After submitting your credentials, it takes only a few minutes until the SPAM sending process starts.
 * If you realize something went wrong - [[https://www.math.uzh.ch/li/index.php?id=newpw|change your I-MATH password immediately]] and [[mailto:support@math.uzh.ch|contact us]].
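Review bot: The only actionable bullet in this new section ("change your I-MATH password immediately" and contact us) comes last, after three bullets about consequences; a reader who has just submitted credentials should see it first. While touching these lines, "reponsible" should be "responsible" and "cause" should be "because".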
Line 24: Line 25:
Mail Notification Team. == I can't open my mails anymore ==
 * If we're seeing too much traffic on an account, we lock the account. This is the only way to securely stop sending further mail by the spammer.
 * We won't contact you: because you won't be able to read our mail anymore. '''You have to contact us''' (by your private email or via chat https://hello.math.uzh.ch).
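Review bot: The second added bullet tells a locked-out user to contact support "by your private email", while the section "'Do not trust any email' means ..." added in this same revision says "Do not trust any email address". Please state how support confirms that a private address belongs to the account owner before unlocking, or list the chat first and describe the email path as a fallback with a verification step.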
Line 26: Line 29:
== How can I distinguish fake and reliable mail? ==
 * Does the email ask me to log in somewhere?
 * Did I request the action described in the email?
Line 27: Line 33:
Replies sent to this email address cannot be answered. == 'Do not trust any email' means ... ==
 * Do not trust any '''email address'''.
 * Do not trust any '''content''' - see below 'Personalized...'.
Line 29: Line 37:
== Personalized by Big Data ==
 * An attacker starts some 'big data' algorithm which reads a hacked email inbox, the collected email adresses (auto adressbook) and correlates that with other information like hacked email accounts, computer (incl. PDF, word or excel files saved on the computer) or general public available information.
 * A personalized email is built automatically and fits perfectly to '''your''' current situation, but it's still a fake.
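Review bot: Spelling in the first added bullet: "adresses" and "adressbook" should be "addresses" and "address book", and "general public available information" reads better as "generally publicly available information". The sentence is also long enough that splitting it after "(auto address book)" would help.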
Line 30: Line 41:
Avast logo == Personalized by human ==
 * With the hacked collected information and some creativity: no limits.
Line 32: Line 44:
This email has been checked for viruses by Avast antivirus software.
www.avast.com
}}}
== Should I stop using email? ==
 * No - Email is by far the most accepted electronic way to communicate - keep it.
 * Just be aware that an email behaves like a postcard: everyone can write it, with any sender address, with any information.
Line 36: Line 48:
== Subject: Maintenance Department ==
 * Date: 13.8.15
 * Sender: fatihah@motac.gov.my
 {{{
IMPORTANT NOTICE: You are receiving this notice because we detected some unusual activities in your Universität Zürich Webmail account. To help protect you, we've temporarily blocked access and applied limited restrictions to your account. You may not be able to send or receive new mail until you re-validate your mailbox.
 
Kindly login with our website below to re-validate.
== Are there alternatives to email? ==
Yes: use a service which guarantees the identity of a sender.
Line 44: Line 51:
www.uzh.ch


Our apologies for any inconvenience this may have caused, but your account safety and privacy is very important to us.
 
Maintenance Department
}}}

== Subject: Notification Alert ==
 * Date: 27.7.15
 * Sender: Zimbra Administration <zimbra@ectel.int>
 {{{
 Dear Zimbra User,

This is to inform you that someone else was trying to log into your Zimbra account from a different location {IP:67.177.158.102 Finland: 27/07/2015 by 5:10 PM GTM}

If this is not you kindly click below to sign in to update and verify your account for you have only 12 hours to do this in order to keep your Zimbra account active.

Click Here to verify your Account.

 This Email is Subject to mandatory follow, Failure to comply would lead to Permanent closure of Account.
Regards,
Technical support team
}}}

== Subject: Emergency Notice Institute of mathematics ==
 * Date: 15.7.15
 * Sender: Institut für Mathematik <ar20874@seeu.edu.mk>
 {{{
Dear Webmail User,

We are taking every measure to protect our Webmail User against
suspicious e-mails and spam. We appreciates all our Webmail user for
their efforts to counter all potential fraudulent activity.

Please we advise all our Webmail Users to immediately UPGRADE their
email account information by clicking on Support <http://xxxx/>
or copy this LINK (http://xxxxx/ ) to help us protect their
Webmail account.

Thank you.
WebMail system
Institute of mathematics.
 }}}

== Subject: Sign-In Alert ==
 * Date: 30.6.15
 * Sender: "Zimbra" <zimbra@cox.net>
 {{{
Dear Zimbra User,

This is to inform you that someone else was trying to log into your Zimbra account from a different location {IP:67.177.158.102 China : 30/06/2015 by 09:10 AM GTM}

If this is not you kindly click below to sign in to update and verify your account for you have only 12 hours to do this in order to keep your Zimbra account active.

Click Here to verify your Account.

This Email is Subject to mandatory follow, Failure to comply would lead to Permanent closure of Account.

Regards,
Technical support team

============================================================= "Otrzymana wiadomo?? oraz za??czone do niej pliki mog? stanowi? tajemnic? przedsi?biorstwa i s? przeznaczone tylko dla wymienionych adresatów. Je?eli nie s? Pa?stwo zamierzonym odbiorc?, prosz? poinformowa? o tym fakcie nadawc? i usun?? wiadomo?? wraz z za??cznikami ze swojego systemu. Nie powinni Pa?stwo tak?e ujawnia? nikomu otrzymanych informacji, ani sporz?dza?/zachowywa?/dystrybuowa? ?adnej ich kopii".
}}}

== Subject: confirm email update ==
 * Date: 11.6.15
 * Sender: "Universitat Zurich (reply-to: help.service@post.com)"
 {{{
--
This message was sent automatically by a program on Webmail which
periodically checks the size of inboxes, where new messages are
received. The program is run weekly to ensure no one's inbox grows
too large. If your inbox becomes too large, you will be unable to
receive new email. Just before this message was sent, you had 18
Megabytes (MB) or more of messages stored in your inbox on your
Webmail To help us re-set your SPACE on our database prior to
maintain your INBOX, you must reply to this e-mail and enter your:

Username {...........}

and Password {..............}

You will continue to receive this warning message periodically,
If your inbox size grows to 20 MB, then a program on Bates Webmail
will move your oldest email to a folder in your home directory to
ensure that you will continue to be able to receive in coming email.
You will be notified by email that this has taken place. If your
inbox grows to 25 MB, you will be unable to receive new email as
it will be returned to the sender. After you read a message, it is
best to REPLY and SAVE a copy.

Thank you for your cooperation

Universität Zürich
}}}

== Subject:Email Exceeded Limits ==
 * Date: 9.6.15
 * Sender: "University of Zurich" <replyi@uzh.ch>
 {{{
You have 2 secure messages from your school faculty

Sign In

Universität Zürich
}}}

== Subject: Account Update.. ==
 * Date: 28.5.15
 * Sender: Adams, James
 {{{
Dear: Faculty/Staff/Student,

We detected something unusual about a recent sign-in to the e-mail account. To help keep you safe, we required an extra security challenge.

Sign-in details:

Country/region: Nigeria

IP address: 213.22.101.211

If this was you, then you can safely ignore this email. If you're not sure this was you, a malicious user might have your password. You have to Click Here for account update to help keep you safer.
}}}

== Subject: ADMINISTRATOR ==
 * Date: 28.5.15
 * Sender: <none>
 {{{
Dear: Faculty/Staff/Student,

Your Password will expire in 3 day. Please Click Here<http://webmastera...../> to update your email account immediately
}}}

== Subject: Our New 130MB Webspace. ==
 * Date: 1.4.15
 * Sender: `"admin @ math.uzh.ch" <adm.in @ math.uzh.ch>`
 {{{
Dear all,

 Be informed that we have changed our to the a new Zimbra webmail with the new F-Secure ®OPERA Anti-virus/Anti-spam version HTK4S 2015, client software for messaging and collaboration plus faster emails, shared calendar, and web documents, We have also added 130MB Web space to all our e-mail servers, follow our secured link below to upgrade to the new server and confirm your new web space. Note your username and password was not changed so you can verify it below on this new server.

CLICK: ....

Regards,
Admin
}}}

== Subject: RE: ==
 * Date: 28.3.15
 * Sender: Zimbra info @ zimbra.com
 {{{
You are adviced By the Web Team to confirm your mailbox and re-validate your account, failure to do that would lead to the inability of you in Receiving New Mails Until You Re-Validate Your Mailbox. To Re-Validate, Please CLICK to Re-Validate Your Mailbox.
}}}

== Subject: E-mail statusbericht ==
 * Date: 12.3.15
 * Sender: office @ pearlpool.com
 {{{
Aandacht e-mailgebruiker dat u hebt sommige inkomende e-mails en u kunt nieuweberichten ontvangen of verzenden snel totdat u uw e-mail quota gevalideerd.

Klik op of kopiëren op de link hieronder en vul het formulier naar uw accountgevalideerd.

Klik hier

E-mail systeembeheerder
192.168.0.1
}}}

== Subject: E-Mail Benachrichtigung ==
 * Date: 12.3.15
 * Sender: office @ pearlpool.com
 {{{
Aufmerksamkeit-E-Mail-Benutzer, die Sie einige eingehende e-Mails und Sie habennicht neue Nachrichten empfangen oder zu senden, bald, bis Sie Ihre e-Mail-Kontingent überprüft.

Klicken Sie auf oder Kopie auf den unten stehenden Link und füllen Sie das FormularIhr Konto überprüft.

Klicken Sie hier

E-Mail-System-Administrator
192.168.0.1
}}}

== Subject: Re: FORMULAIRE AVERTISSEMENT WEBMAIL ==
 * Date: 3.12.14
 * Sender: Patricia.Wilson @ halifax.org
 {{{
Your email account storage limit has exceeded. You won't be able to receive or send a message. To restore your account please click here: http://internetmessage.poseer...

 and submit your webmail required information.


Thank you.
IT Security Service Office 2014
}}}

== Subject: Re: FORMULAIRE AVERTISSEMENT WEBMAIL ==
 * Date: 2.12.14
 * Sender: syzheng @ ipm.edu.mo
 {{{
Un virus cheval de Troie ont été détectés dans votre compte webmail et vous demander de vérifier votre compte e-mail dans les 24 heures. Cliquez sur le lien ci-dessous pour valider votre compte webmail.

Cliquez ici:

Ne pas le faire immédiatement rendre votre adresse e-mail désactivé à partir de notre base de données.
Mise à jour Équipe Webmail Virus.
}}}

== Subject: Warnung ==
 * Date: 29.11.14
 * Sender: support @ math.uzh.ch
 {{{
Sehr geehrter Nutzer,

Sie werden darauf hingewiesen, dass Ihr Institut für Mathematik Postfach hat seine Reihe Quote erreicht, sind Sie auf den Link unten an deine E-Mail-Konto zu überprüfen, um die Deaktivierung zu vermeiden folgen.

Beachten Sie, füllen Sie Ihre Password im Keyword Raum.

http://ow....

Danke.
Urheberrecht © 2014 Institut für Mathematik. Alle Rechte vorbehalten.
}}}

== Subject: Your receipt No.145086263563 ==
 * Date: 24.11.14
 * Sender: online @ securityupdate.com
 {{{
You've bought a program "TomTom" from the Apple Store.
It may take a few moments for this transaction to appear in your account.

If you have not authorized this charge, log in as soon as possible to cancel the payment!

Apple Store Transaction Cancellation Form

When the payment will be canceled you will get a full refund.

Apple Store Sweden


As informações contidas nesta mensagem são confidenciais e protegidas pelo sigilo legal. A divulgação, distribuição ou reprodução deste documento depende da autorização do emissor. Caso V. Sa. não seja o destinatário ou preposto, fica, desde já, notificado que qualquer divulgação, distribuição ou reprodução é estritamente proibida, sujeitando-se o infrator às sanções legais. Caso esta comunicação tenha sido recebida por engano, favor avisar o emissor imediatamente. Grato pela cooperação.
-------------------- (English Version) --------------------
The information contained in this message is strictly confidential. If you are not the intended recipient of this message or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this communication in error, and that any dissemination, distribution, retention or copying of this communication is strictly prohibited. If that be the case, please reply and notify the sender.
}}}

== Subject: Confermi la sua webmail ==
 * Date: 6.11.14
 * Sender: helpdesk @ math.uzh.ch
 {{{
Gentile utente UZH webmail

Hai superato il limite di 23432 archiviazione della
cassetta postale impostata dal WEBMAIL / amministratore, e
sarete che ha problemi in invio e la ricezione di posta
elettronica fino a ri-Convalida. Per evitare questo, si
prega di cliccare sul link sottostante per reimpostare il
tuo account.

http://postservedochelpde.va...

Il mancato rispetto di questa, si tradurrà in un accesso
limitato alla propria casella postale Warning

Grazie per aver scelto i nostri servizi UZH Webmail

Saluti,
UZH Webmail Servizi di Verifica
Supporto | Institut für Mathematik © 2014
}}}

== Subject: [cloud] Technical Support ==
 * Date: 24.9.14
 * Sender: Admin @ admin.com
 {{{
Dear Web-mail User,

Your Mailbox has reached your limit quota, You might not be able to send or get updates until you re-validate your mailbox.

To re-validate your mailbox reply to this mail and fill your.

{user-name :
{Password :
{Confirm Password :

Technical Support
10.92.79.41.82
}}}

== Subject: WEBMAIL UPDATE. ==
 * Date: 18.9.2014
 * Sender: WEBMAIL MAIL webch @ inbox.lv
 {{{
Liebe Webmail-Nutzer,

Ihr Postfach hat die Speicherbegrenzung, die 20 GB als vom Administrator festgelegte ist überschritten, Sie laufen auf 33,6 GB, bitte erneut authentifizieren Ihres Postfachs klicken Sie oder kopieren Sie den unten stehenden Link:

http://webhelperz.wix.c...

Warnung: Fehler beim Posteingang neu festlegen gerendert werden e-aktive aus unserer Datenbank.

System-Management-Team,
© Copyright 2014
}}}

== Subject: University of Zurich(UZH) ==
 * Date: 16.9.2014
 * Sender: uzh-helpdesk @ uzh.ch
 {{{
University of Zurich(UZH)

Your mailbox has exceeded the set quota limit due to
hidden files. You may not be able to send or receive new
mails effect from on the 30th of September 2014, until you
upgrade/increase your quota limit.

To increase your quota limit, click the following link
below and input the required details to validate your
mailbox. You can copy the link into your browser if you
cannot click on it.

* http://mscarmallapointe50....

Failure to increase your quota limit as advised may result
to loss of important information on your mailbox or cause
restricted access on login.

Thank you for your co-operation.

UZH Technical Support Team
Warning Code: ID67565434.
Rämistrasse 71 CH-8006 Zürich
Phone +41 44 634 11 11 / Fax +41 44 634 49 01
© University of Zurich
}}}

== Subject: Lieber E-Mail-Benutzer. ==
 * Date: 2.7.14
 * Sender: Zoja Katsajeva
 {{{
Lieber E-Mail-Benutzer,

Es ist Zeit, Ihre E-Mail Services Konto zu erneuern.

Ihre E-Mail-Konto wird in 24 Stunden am 3. Juli 2014.
Bitte aktualisieren Sie Ihre E-Mail durch

Hier klicken:

Wenn die E-Mail abläuft, haben Sie keinen Zugriff mehr auf Ihre Dienste Account.

Copyright © 2014. Alle Rechte vorbehalten.

Online-Service-Team.
}}}

== Subject: E-mail Alert ==
 * Date: 22.5.2014
 * Sender: marshalled
 {{{
Sehr geehrter Nutzer,

Bitte bestätigen Sie Ihre Konto. Um diese Aktion durchzuführen HIER KLICKEN

Danke.
Help Desk
Universität Zürich

------------------

Dear User,

Please validate your account. To perform this action CLICK HERE

Thank you.
Help Desk
University of Zurich
}}}

== Subject: Account Update ==
 * Date: 19.5.2014
 * Sender: mrseva cheng
 {{{
 We are currently updating our database and all email accounts need to be updated,uzh.ch webmail service will be upgrading to the latest 2014 anti-virus/anti-spam version.You are required to Update your account withing the next 72 hours so that your account can be updated or have your account suspended.
CLICK MY ACCOUNT to update.

Thank You.
uzh.ch Webmail Admin.
Copyright 2014©.
}}}
 * Signed email: this is not commonly used but possible. We do not support those.
 * I-MATH members: use https://hello.math.uzh.ch - this is our secure chat server.
 * Decide on your own to use messengers like Signal, Threema, Telegram, Wire, !WhatsApp
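Review bot: The added bullet "Signed email: this is not commonly used but possible. We do not support those." sits under "use a service which guarantees the identity of a sender", so it offers an alternative and withdraws it in the same line; say what "do not support" means for a reader who receives or wants to send signed mail, or drop the bullet. This hunk also removes every archived sample mail, so the page no longer shows what a phishing mail looks like; a pointer to where the samples now live (the IT news channel mentioned earlier publishes them) would keep that reference value.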

Phishing Emails

I received a phishing mail: What to do?

  • Delete it.

I received a mail and I'm unsure if it is a phishing mail

  • Check our IT news: https://math.uzh.ch/li - we're publishing phishing mails there, as soon as we're aware of it.

    • Thinlinc: in the upper right corner you find our IT News channel. Blinking means there are new messages: right click on it to see the headlines, left click opens the channel in a browser.

    • An announcement starting with '[Phishing] ...' means: this is a phishing mail, delete it.

  • Move the mouse over any given URL. Is the URL in the mail and the real URL (shown in the lower left corner) identical? Yes: that's a good sign.
  • Do you know the URL? Yes: good sign (be very picky with comparing the URL).
  • It is best not to click on any URL in the mail. Instead use your bookmarks or type the URL manually - but not the one from the email! Use Google to search for the correct website.

  • If you found nothing suspicious but you're still unsure: forward the mail to support@math.uzh.ch and ask us if it is reliable or a phishing mail.
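The hover check from the list above, automated for an HTML mail body, as an added example (not part of the wiki page or of any I-MATH tooling). `KNOWN_HOSTS` and the sample body are assumptions constructed for illustration; the hosts in `KNOWN_HOSTS` are the ones linked on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Hosts the reader already knows (assumption: taken from links on this page).
KNOWN_HOSTS = {"math.uzh.ch", "www.math.uzh.ch", "hello.math.uzh.ch"}

# Visible link text that itself looks like a URL or host name.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def check_links(html_body):
    """Return one finding per link: real host, shown host, and warnings."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        real = host_of(href)
        m = URLISH.match(text)
        shown = m.group(1).lower() if m else ""
        warnings = []
        # "Is the URL in the mail and the real URL identical?"
        if shown and shown != real:
            warnings.append("shown URL differs from real URL")
        # "Do you know the URL?" Exact host match, no suffix or prefix matching.
        if real not in KNOWN_HOSTS:
            warnings.append("unknown host")
        findings.append({"real": real, "shown": shown, "warnings": warnings})
    return findings


# Constructed sample body (not one of the mails quoted on this page).
SAMPLE = """
<p>Your mailbox is full. Re-validate at
<a href="http://webmail.example.net/login">https://www.math.uzh.ch/li</a> or
<a href="http://math.uzh.ch.example.net/">Click Here</a>.</p>
<p>IT news: <a href="https://math.uzh.ch/li">math.uzh.ch/li</a></p>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE):
        print(finding)
```

The second link shows why the comparison has to be picky: its host begins with `math.uzh.ch` but belongs to a different domain, so only an exact host match clears it.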

What is a phishing mail?

An attacker tries to get your username/password by providing a website with a login box. Such a site will save your credentials. They often look identical to known websites.

What happens if I provided my credentials to a phishing site?

  • Thousands of people will receive spam, because your credentials will be misused to send spam. You're responsible for this!

  • The UZH will be marked as a 'spammer' - UZH mail will be flagged as potential spam, or receiving UZH mail will be denied completely.

  • After submitting your credentials, it takes only a few minutes until the SPAM sending process starts.
  • If you realize something went wrong - change your I-MATH password immediately and contact us.

I can't open my mails anymore

  • If we see too much traffic on an account, we lock the account. This is the only way to securely stop the spammer from sending further mail.
  • We won't contact you, because you won't be able to read our mail anymore. You have to contact us (from your private email or via chat https://hello.math.uzh.ch).

How can I distinguish fake and reliable mail?

  • Does the email ask me to log in somewhere?
  • Did I request the action described in the email?

'Do not trust any email' means ...

  • Do not trust any email address.

  • Do not trust any content - see below 'Personalized...'.

Personalized by Big Data

  • An attacker starts some 'big data' algorithm which reads a hacked email inbox and the collected email addresses (auto address book), and correlates that with other information such as hacked email accounts, computers (incl. PDF, Word or Excel files saved on the computer) or generally publicly available information.
  • A personalized email is built automatically and fits your current situation perfectly, but it's still a fake.

Personalized by human

  • With the hacked collected information and some creativity: no limits.

Should I stop using email?

  • No - Email is by far the most accepted electronic way to communicate - keep it.
  • Just be aware that an email behaves like a postcard: anyone can write one, with any sender address, with any information.

Are there alternatives to email?

Yes: use a service which guarantees the identity of a sender.

  • Signed email: this is not commonly used but possible. We do not support it.
  • I-MATH members: use https://hello.math.uzh.ch - this is our secure chat server.

  • Decide on your own whether to use messengers like Signal, Threema, Telegram, Wire, WhatsApp.

PublicMathWiki: email/phishing (last edited 2021-02-02 16:02:44 by eseide)