Malicious e-mail
About malicious e-mail containing phishing, spam, viruses and the like.
There are varying amounts of e-mail of a malicious nature that reach users at KTH.
Characteristics of malicious email
It can be difficult to know which links to avoid. It is not always enough to avoid clicking on links in e-mails that come from unknown senders. There are also fake e-mails that appear to come from trusted sources such as managers and employees.
If you read e-mail on your mobile phone, you have few opportunities to quickly determine whether a sender is correct. If, on the other hand, you read your e-mail on a computer, the few simple tricks listed below (which work for certain types of e-mail) let you quickly determine whether a message is fake:
- Check how the language is used in the e-mail. If it is strangely translated into Swedish, it is most likely fake.
- Hold the mouse pointer over the sender's name without clicking. Then you can see the sender's real e-mail address. Is it what you expected?
  Do the name and e-mail address match what you expected?
  Often, by looking at the sender's e-mail address (not just the name), you can determine if it appears to be a trusted sender. This can be difficult, though, if an e-mail account has been stolen.
- Hover the mouse pointer over a link in the e-mail without clicking on it. The real link will show as a balloon or down in the status bar at the bottom of the e-mail application. Does it look as expected?
  If the link displayed does not have the real domain name in the first part of the link immediately following "https://", it is most likely a fake e-mail. Do not click on this link!
Example for the domain kth.se (but works the same for other domain names):

Report malicious e-mail
When you receive a suspicious e-mail, you should act as soon as possible: Report suspicious e-mail to IT-Support. This helps in the work of preventing and identifying that type of message so that it does not reach more users.
If you receive a return message that the e-mail message was not delivered, it means that KTH IT-Support has already blocked the link in the unwanted e-mail message.
What should I do if I have clicked on a link that may be fake?
Contact it-support@kth.se or call 08-790 66 00 as soon as possible and tell us what has happened. In this way, KTH IT-Support can help minimize the risks and damage.
Phishing
You may receive messages such as e-mails or chats that contain false links from senders who falsely claim to be from KTH or another trusted sender. The method is called "phishing". This is a very common method for intruders who want to access KTH accounts, personal data, research and other information from KTH.
Therefore, it is important that you are observant of suspicious messages and links and quickly report these to KTH IT support.
Serious companies never ask their users for passwords.
Examples of pages where it is OK to enter your password:
- https://webmail.kth.se
- https://login.kth.se
- https://login.ug.kth.se
Important! If the pages look the same but have different addresses in the first part of the address bar, it's a false page.
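The link check described under "Characteristics of malicious email" and the list of password pages above, as an added Python example (not part of the original page and not a KTH tool): it reads the real host out of every link in an HTML message and compares it with kth.se. The function names, the https-only rule, the refusal of backslashes and the constructed sample message with `.example` hosts are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "kth.se"  # the domain the page uses as its example
PASSWORD_HOSTS = {"webmail.kth.se", "login.kth.se", "login.ug.kth.se"}  # from the page

def real_host(url):
    """Host a browser would connect to, or None if the link is not acceptable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed address
        return None
    # Assumptions: https only; refuse '\' (browsers read it as '/', urlsplit does not).
    if "\\" in url or parts.scheme.lower() != "https" or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()

def is_trusted(url, domain=TRUSTED_DOMAIN):
    """True only if the host is the domain itself or one of its subdomains."""
    host = real_host(url)
    return host is not None and (host == domain or host.endswith("." + domain))

def is_password_page(url):  # only the three hosts listed on the page
    return real_host(url) in PASSWORD_HOSTS

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html_body):  # -> [(href, visible text, verdict), ...]
    collector = LinkCollector()
    collector.feed(html_body)
    return [(h, t, "ok" if is_trusted(h) else "suspicious") for h, t in collector.links]

# Constructed message; the .example hosts are placeholders, not real indicators.
SAMPLE = ('<a href="https://login.kth.se/login">Log in</a> '
          '<a href="https://login.kth.se.verify.example/">https://login.kth.se</a> '
          '<a href="https://kth.se@mail.example/reset">Reset password</a>')
```

A link whose visible text shows a kth.se address while its verdict is "suspicious" is the case the hover check is meant to catch.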
If you clicked on a link and submitted your user information, you should do as follows:
- Change password via www.kth.se/activate
- Report suspicious email to IT-Support
- Contact KTH IT support by e-mail at it-support@kth.se, using another computer or your mobile phone, or call +468-790 66 00
Virus
One type of malicious mail contains attachments or links to malicious files. If you clicked on such a link or opened an attached file, you could get a virus on your computer. Viruses can do various bad things to your computer, such as recording keystrokes (to record and steal your password).
If this has happened, you should do as follows:
- Disconnect the network cable immediately.
- Turn off the computer.
- Contact KTH IT support by e-mail at it-support@kth.se, using another computer or your mobile phone, or call +468-790 66 00
- Change password via www.kth.se/activate using another computer or your mobile phone
Ransomware
A special type of malicious e-mail contains web links. If you click on such a link, your files can be encrypted so that they become unreadable.
If this happens, you should do as follows:
- Disconnect the network cable immediately.
- Turn off the computer.
- Contact KTH IT support by e-mail at it-support@kth.se, using another computer or your mobile phone, or call +468-790 66 00
- Change password via www.kth.se/activate using another computer or your mobile phone
External information at Swedish Civil Contingencies Agency website: Problemområdet Ransomware (cert.se) (in Swedish)
Spam
Spam is e-mail you receive that contains, for example, advertising or other unwanted content.
KTH uses advanced filters against spam that are continuously updated.