Malicious e-mail

About malicious e-mail containing phishing, spam, viruses and the like.

There are varying amounts of e-mail of a malicious nature that reach users at KTH.

What can I do to increased protection?

Be alert on received emails with content that wants you to click on a link or send important information.
Please check the sender carefully before replying/clicking on any link.
Be vigilant against senders and sender addresses you don't recognise.
Follow the information on the characteristics of malicious email on this page.
Follow the information on Work securely with IT at KTH .

Characteristics of malicious email

It can be difficult to know which links to avoid. It is not always enough to avoid clicking on links in e-mails that come from unknown senders. Fake e-mails can also occur that appear to come from trusted sources such as managers and employees.

If you read e-mail with your mobile phone, you have few opportunities to quickly determine whether a sender is correct. If you on the other hand, read your e-mail via a computer, you can with a few simple tricks (for certain types of e-mail) listed below quickly determine if a message is fake:

Check how the language is used in the email. If it is strangely translated into Swedish, it is most likely fake.
Hold the mouse pointer over the senders name without clicking. Then you can see the senders real e-mail. Is it what you expected?
Do the name and e-mail address match what you expected?
Often, by looking at the sender's e-mail address (not just the name), you can determine if it appears to be a trusted sender. This can be difficult though if an e-mail account has been stolen.
Hover the mouse pointer over a link in the e-mail without clicking on it. The real link will show as a balloon or down in the status bar at the bottom of the e-mail application. Does it look as expected?
If the link displayed does not have the real domain name in the first part of the link immediately following "https://", it is most likely a fake email. Do not click on this link!

Example for the domain kth.se (but works the same for other domain names):

The difference between the real and the fake domain name in the link

Report malicious e-mail

When you receive a suspicious e-mail, you should act as soon as possible by Report suspicious e-mail to IT-Support which helps in the work of preventing and identifying that type of message from reaching more users.

If you receive a return message that the e-mail message was not delivered, it means that KTH IT-Support has already blocked the link in the unwanted e-mail message.

Report malicious email

When you receive a suspicious e-mail, you should act as soon as possible by Report suspicious email to IT-Support which helps in the work of preventing and identifying that type of message from reaching more users.

If you receive a return message that the e-mail message was not delivered, it means that KTH IT-Support has already blocked the link in the unwanted e-mail message.

What should I do if I have clicked on a link that may be fake?

Contact it-support@kth.se or call 08-790 66 00 as soon as possible and tell us what has happened. In this way, KTH IT-Support can help minimize the risks and damage.

Phishing

You may receive messages such as e-mails or chats that contain false links from senders who falsely claim to be from KTH or another trusted sender. The method is called "phishing". This is a very common method for intruders who want to access KTH accounts, personal data, research and other information from KTH.
Therefore, it is important that you are observant of suspicious messages and links and quickly report these to KTH IT support.

Serious companies never ask their users for passwords.

Examples of pages where it is OK to enter your password:

https://webmail.kth.se
https://login.kth.se
https://login.ug.kth.se

Important! If the pages look the same but have different addresses in the first part of the address bar, it's a false page.

If you clicked on a link and submitted your user information, you should do as follows:

Change password via www.kth.se/activate
Generate a new eduroam network secret
Report suspicious email to IT-Support
Contact KTH IT support by e-mail using another computer or your mobile phone it-support@kth.se or call +468-790 66 00

Virus

One type of malicious mail contains attachments or links to malicious files. If you clicked on such a link or opened an attached file, you could get a virus on your computer. Viruses can do various bad things to your computer, such as recording keystrokes (to record and steal your password).

If this has happened, you should do as follows:

Disconnect the network cable immediately.
Turn off the computer.
Contact KTH IT support by e-mail using another computer or your mobile phone it-support@kth.se or call +468-790 66 00
Change password via www.kth.se/activate using another computer or your mobile phone
Generate a new eduroam network secret

Ransomware

A special type of malicious letter contains web links, and if you clicked on such a link, you can get your files encrypted so they become illegible.

If this happens, you should do as follows:

Disconnect the network cable immediately.
Turn off the computer.
Contact KTH IT support by e-mail using another computer or your mobile phone it-support@kth.se or call +468-790 66 00
Change password via www.kth.se/activate using another computer or your mobile phone
Generate a new eduroam network secret

External information at Swedish Civil Contingencies Agency website: Problemområdet Ransomware (cert.se) (in Swedish)

Spam

This is e-mail you receive with, for example, advertising or other unwanted content in the e-mail.
KTH uses advanced filters against spam that are continuously updated.

My employment

Support and service

Education

Research

Organisation and regulations