
How to identify a phishing email?


Good habits

1. Analyze the content of the e-mail

Spelling mistakes? Incomprehensible sentences? Requests for personal information? In this case, it is obviously a phishing attempt.
Do not answer and ignore the message.

2. Identify the sender with certainty

Good habit: Check the name and address of the sender and / or the return address. If the email address seems consistent, you can continue. Otherwise, do not answer!

Examples / Explanations

  • Illegitimate! The address displayed is "bogus".
  • Illegitimate! The address stored in the header of the email is bogus.
  • Legitimate! The mail domain @unige.ch is the trusted domain for the University. Also valid: @etu.unige.ch, @listes.unige.ch

3. Verify the reply-to e-mail address

An email may contain a return email address different from the address of the sender. This is the address that will be used when responding to this email.
Good habit: check this address as you check the email address of the sender. If you have a doubt, the easiest thing to do is to check the email address that is selected when replying to the email.

Examples / Explanations

  • Legitimate! The email address of the sender is unilists@unige.ch and the return address is dis-communication@unige.ch
  • Illegitimate! The return email address is illegitimate (transmets-moi-ton-mot-de-passe@password-fichu.com)

Depending on your mail client, the mail return address does not always appear. You can check it when you answer the email.

 

4. Identify suspicious links


Does the email contain a hyperlink? It is necessary to check the syntax of the link.
What matters is not the link as displayed in the email, but the link as recorded in the HTML content of the email.

Good habit: position your mouse over the link and wait for the link to be displayed. If it is known, you can continue. Otherwise, do not click!

Examples / Explanations

  • Illegitimate! The address displayed is "bogus".
  • Illegitimate! The address stored in the header of the email is bogus (swisscom.ch). The link in HTML is also bogus.
  • Legitimate! The mail domain unige.ch is the trusted domain for the University.

Be careful: a domain such as something.unige.ch is valid, but a domain such as unige.something.ch is not valid.

--> Other untrusted domains: unige.cn, unige.org, unige.com, unige.edu
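
The checks from steps 2 to 4 can also be automated. The following Python sketch is an added example, not part of the original page: it applies the "something.unige.ch yes, unige.something.ch no" rule to the sender address, the reply-to address and the link recorded in the HTML. It assumes that any subdomain of unige.ch is acceptable for addresses as well as links; the sample message is constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "unige.ch"  # trusted domain named on this page

def is_trusted_host(host):
    """True for unige.ch and any subdomain (something.unige.ch), nothing else."""
    host = (host or "").lower().rstrip(".")
    # The leading dot matters: a bare endswith("unige.ch") would accept "evilunige.ch".
    return host == TRUSTED or host.endswith("." + TRUSTED)

def address_domain(header_value):
    """Domain of the real address in a From/Reply-To header, ignoring the display name."""
    return parseaddr(header_value or "")[1].rpartition("@")[2]

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag: the link as recorded in the HTML."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw):
    """Return a list of findings; an empty list means every check passed."""
    msg = message_from_string(raw)
    findings = []
    for name in ("From", "Reply-To"):
        if msg[name] and not is_trusted_host(address_domain(msg[name])):
            findings.append(f"{name}: {address_domain(msg[name])}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname  # the displayed link text is ignored on purpose
        if not is_trusted_host(host):
            findings.append(f"link: {host}")
    return findings

# Constructed sample message (not a real email): trusted sender, bogus reply-to and link.
SAMPLE = """From: "UNIGE Helpdesk" <unilists@unige.ch>
Reply-To: transmets-moi-ton-mot-de-passe@password-fichu.com
Content-Type: text/html

<a href="http://unige.something.ch/login">https://outlook.unige.ch</a>
"""
print(check_message(SAMPLE))
```
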

Tips and tricks

On the unige.ch domain, the most sensitive web services such as webmail outlook.unige.ch use a security certificate that allows you to quickly verify that you are on a secure site of the University of Geneva.
You can usually find this information near the web address bar, depending on the browser you use.

Below, for each web browser, is where to verify the validity of the security certificate (something.unige.ch domain, colored in green):

 

[Screenshots: For Firefox, For Internet Explorer, For Safari, For Google Chrome]

 

5. Attachment

Attachments contained in emails may contain a virus / malware that will retrieve your personal information, including your password. One click on an attachment may be sufficient to activate it.

  • Do not open an attachment if you are not sure about the identity of the sender.
  • Before opening an attachment, it is strongly recommended to save it on the hard drive and perform a virus check.

 

6. You are in doubt

If you have any doubts about the origin of an email containing a link, the link should not be opened and you should call the helpdesk (CAD), who will inform you: (022 37) 97000

 

7. You have identified a phishing email?


Take part in your safety and that of your colleagues! Report the problem to us via cad@unige.ch.
By submitting a case of phishing to our team (see the Windows version and the Mac version), you enable us to disable it and inform other users.

 

8. Test your knowledge with this English quiz or the French quiz
