The current wave of password phishing mails seems to provoke an unusually high attention rate.  People seem to think that mail allegedly coming from help@ethz.ch may be genuine.  The german text itself is so bad that its spammy character is obvious to long time mail users.

Remember: any part of a mail can be faked. This is in the design of the mail system and cannot be fixed without making mail usage a lot harder for everybody.  And even if we used a better system (like cryptographic signatures) the rest of the world would not follow.

Therefore, be sceptic about any mail until the complete impression including the writing style fits the picture.  No IT support worth their salt will ask you to reveal your password.  And if they do they deserve to be ignored!

Of course 'UPGRADE YOUR ETHZ E-Mail-Konto.' is a phishing attempt. And not a bad one at that. The German is halfway correct and they even used different From: and Reply-To: addresses. But still: no administrator worth her title would ever ask for a password. Please delete.

Currently a great number of phishing e-mails are flooding the intarwebs, not all of which are being discarded by our spam filters.

Please remember that neither we nor ETH Informatikdienste would ever ask you to provide your account data, let alone via e-mail. Never ever send this information to anyone.

These e-mails are pretty well written, but sender addresses like <info@account.com> and <accountupgrade@j-mail.info> should make all your alarm bells go off.

Thanks for your cooperation.