
Institute of Mathematics - PublicMathWiki:

Revision 64 as of 2019-06-15 14:28:30


Phishing Emails

I received a phishing mail: What to do?

  • Delete it.

I received a mail and I'm unsure if it is a phishing mail

  • Check our IT news: https://math.uzh.ch/li - we publish phishing mails there as soon as we are aware of them.

    • ThinLinc: you will find our IT News channel in the upper right corner. Blinking means there are new messages: right-click on it to see the headlines, left-click to open the channel in a browser.

    • An announcement starting with '[Phishing] ...' means: this is a phishing mail, delete it.

  • If you find nothing, forward the suspicious mail to support@math.uzh.ch and ask whether it is reliable or a phishing mail.

What is a phishing mail?

An attacker tries to get your username and password by providing a website with a login box. Such a site saves the credentials you enter. These sites often look identical to well-known websites.

What happens if I provided my credentials to a phishing site?

  • Thousands of people will receive spam, because your credentials will be misused to send it. You're responsible for this!

  • UZH will be marked as a 'spammer': mail from UZH will be flagged as potential spam, or receiving servers will reject it completely.
  • After you submit your credentials, it takes only a few minutes until the spam sending process starts. If you realize something went wrong, contact us and change your I-MATH password immediately.

I can't open my mails anymore

  • If we see too much traffic on an account, we lock the account. This is the only secure way to stop the spammer from sending further mail.
  • We won't contact you, because you won't be able to read our mail anymore. You have to contact us!

How can I distinguish fake and reliable mail?

  • Does the email ask me to log in somewhere?
  • Did I request the action described in the email?

'Do not trust any email' means ...

  • Do not trust any email address.

  • Do not trust any content - see below 'Personalized...'.

Personalized by Big Data

  • An attacker runs a 'big data' algorithm that reads a hacked email inbox and the collected email addresses (auto address book) and correlates them with other information, such as other hacked email accounts, hacked computers (incl. PDF, Word or Excel files saved on the computer) or generally publicly available information.
  • A personalized email is built automatically. It fits your current situation perfectly, but it's still a fake.

Personalized by a human

  • With the collected hacked information and some creativity, there are no limits.

Should I stop using email?

  • No - Email is by far the most accepted electronic way to communicate - keep it.
  • Just be aware that an email behaves like a postcard: everyone can write it, with any sender address, with any information.

Are there alternatives to email?

Yes: use a service which guarantees the identity of a sender.