Malicious e-mail

About malicious e-mail containing phishing, spam, viruses and the like.

There are varying amounts of e-mail of a malicious nature that reach users at KTH.

Do not spread malicious e-mail

KTH works continuously to stop harmful e-mail before it reaches the user.

It is important to report immediately if you have been affected.

However, do not alert your colleagues by forwarding the phishing e-mail. KTH IT-Support removes phishing messages, and that work becomes more difficult if the messages are spread further within KTH by forwarding.

Report malicious email

When you receive a suspicious e-mail, act as soon as possible by reporting the suspicious e-mail to IT-Support.

If you receive a return message that the e-mail message was not delivered, it means that KTH IT-Support has already blocked the link in the unwanted e-mail message.

Some rules of conduct

Never click on a link or open a file that you were not expecting to receive.

Be suspicious of senders you do not recognize.

Verify who the sender is before replying, clicking any link, or providing information.

Use automatic updates for your computer's operating system so that the latest program versions are always installed.

Use antivirus software and a firewall, and make sure the latest updates are installed.

Characteristics of malicious email  

If you read e-mail on your mobile phone, you have few ways to quickly determine whether a sender is genuine. If, on the other hand, you read your e-mail on a computer, the simple tricks listed below let you quickly determine (for certain types of e-mail) whether a message is fake:

  • Check how the language is used in the email. If it is strangely translated into Swedish, it is most likely fake.

  • Hold the mouse pointer over the sender's name without clicking. You can then see the sender's real e-mail address. Is it what you expected?
    Do the name and e-mail address match what you expected?
    Often, by looking at the sender's e-mail address (not just the name), you can determine whether it appears to be a trusted sender. This can be difficult, though, if an e-mail account has been stolen.

  • Hover the mouse pointer over a link in the e-mail without clicking on it. The real link is shown in a balloon or in the status bar at the bottom of the e-mail application. Does it look as expected?
    If the link displayed does not have the real domain name in the first part of the link immediately following "https://", it is most likely a fake e-mail. Do not click on this link!

Example for the domain kth.se (but works the same for other domain names):

[Figure: The difference between the real and the fake domain name in the link]

Phishing

You may receive e-mail from senders who falsely claim to be from KTH or another trusted sender (for example Postnord, PayPal, Apple, or similar). These are attempts to obtain passwords from users at KTH, so-called phishing.

The passwords are then used to send out spam and phishing.

Reputable companies never ask their users for passwords.

Examples of pages where it is OK to enter your password:

  • https://webmail.kth.se

  • https://login.kth.se

  • https://login.ug.kth.se

Important! If a page looks the same but has a different address in the first part of the address bar, it is a fake page.
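The hover check on links described earlier and the list of approved login pages above, expressed as code. This is an added example, not KTH's own tooling; the function name `classify_link`, its three result labels, the https-only rule and the constructed `.example` links are assumptions made here.

```python
from urllib.parse import urlsplit

# The three login pages the text lists as OK for entering a password.
TRUSTED_LOGIN_HOSTS = {"webmail.kth.se", "login.kth.se", "login.ug.kth.se"}
REAL_DOMAIN = "kth.se"

# Constructed sample links; the ".example" hosts are made up for illustration.
CONSTRUCTED_LINKS = [
    "https://login.kth.se/login",
    "https://www.kth.se/activate",
    "https://login.kth.se.account-check.example/login",  # real name used as a prefix
    "https://login.kth.se@mail-verify.example/",         # real name placed before "@"
    "http://login.kth.se/",                              # not https
]


def classify_link(url: str) -> str:
    """Return 'login-page', 'kth-domain' or 'suspicious' for a link target."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" part and the port
    except ValueError:
        return "suspicious"
    # Assumption: only https links are accepted, as in the page's examples.
    if parts.scheme != "https" or not host:
        return "suspicious"
    try:
        # Non-ASCII look-alike letters become an "xn--" label and stop matching.
        host = host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return "suspicious"
    if host in TRUSTED_LOGIN_HOSTS:
        return "login-page"
    # The real domain must END the host name, on a dot boundary.
    if host == REAL_DOMAIN or host.endswith("." + REAL_DOMAIN):
        return "kth-domain"
    return "suspicious"


if __name__ == "__main__":
    for link in CONSTRUCTED_LINKS:
        print(f"{classify_link(link):<11} {link}")
```

A "kth-domain" result only says the host belongs to kth.se; a password belongs only on the pages classified as "login-page".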

If you clicked on a link and submitted your user information, you should do as follows:

Virus

One type of malicious mail contains attachments or links to malicious files. If you clicked on such a link or opened an attached file, you could get a virus on your computer. Viruses can do various bad things to your computer, such as recording keystrokes (to record and steal your password).

If this has happened, you should do as follows:

  • Disconnect the network cable immediately.

  • Turn off the computer.

  • Contact KTH IT support using another computer or your mobile phone: e-mail it-support@kth.se or call +468-790 6600.

  • Change your password via www.kth.se/activate using another computer or your mobile phone.

Ransomware

A particular type of malicious e-mail contains web links; if you click on such a link, your files can be encrypted so that they become unreadable.

If this happens, you should do as follows:

  • Disconnect the network cable immediately.

  • Turn off the computer.

  • Contact KTH IT support using another computer or your mobile phone: e-mail it-support@kth.se or call +468-790 6600.

  • Change your password via www.kth.se/activate using another computer or your mobile phone.


External information on the Swedish Civil Contingencies Agency website: Problemområdet Ransomware (cert.se) (in Swedish)

Spam

Spam is e-mail you receive that contains, for example, advertising or other unwanted content.
KTH uses advanced filters against spam that are continuously updated.