Beware of Phishing Mails

ETH email users are currently receiving messages that attempt to trick the recipient into logging into a certain web page with their ETH username and password. Please be extremely careful with this type of email. In many cases, these are so-called Phishing mails which attempt to steal your login details.

Keep your password secure

Never submit your username and password on an unknown web page or if the source of the web page is unclear. Before you log on to a web page, always check its URL (Internet or web address), even if the web page appears to be authentic (see the example below).

Internal ETH emails regarding our IT infrastructure will never ask you directly for your login details. When directed to a web page, always check the URL to see if the web page really originates from the ETH. Here are a few tips to help you decide if a web page is authentic or a counterfeit:

  • Links included in email messages often hide the URL to which they are directed. When you run the mouse (cursor) over a link (without clicking on it), most mail clients will display the URL. Such links should not be followed (clicked) before you have verified the source of the email.

Here is an example of such a link:

Phishing3

The URL becomes visible when you run the cursor over the link („Click here to sign in“).

  • If you have already followed the link (clicked on it), check the URL displayed at the top of your browser window to see if the URL is legitimate.

 

Logon to trustworthy sites only

In this example, you see a URL from a forged ETH web page:
Phishing2

 

Some forged web pages are not so easy to detect:

 

In case of doubt check with your supporter

If you are uncertain about a link, contact your IT support group or the ITS Service Desk before clicking on the link or logging onto a web page. We will gladly help you.

 

Posted on
in News English