The phishing "impersonation" problem is something that is very hard to deal with from a technical perspective:
- There are LOTS of people to impersonate (virtually any supervisor is a target)
- Impersonation can take many forms, e.g.,
- just a name in the body of the message
- a personal name associated with the sender
- an external address that looks like it belongs to the person being impersonated
- It's up to the recipient to apply a "smell" test:
- Does the real sender match the impersonated sender?
- Does the message come from the impersonated sender's UNI email address?
- Does the content and what's shared from where make sense?
- Remain skeptical about the authenticity of the message
- Perhaps even contact the impersonated sender, not by replying to the questionable message but by reaching out via direct email, a phone call, or a face-to-face question.
If the message seems at all odd, it almost certainly is a phishing attempt. Better to think a real message is phishing than vice versa! You will be forgiven (or certainly should be!).