
Malicious email

There is a lot of e-mail of a malicious nature. These may contain links or attachments that may be harmful.

Never click on a link or open a file unless you are sure that you really should.

Some Rules of Procedure:

  • Be suspicious of senders you do not recognize.
  • Make sure you know who the sender is before responding, clicking any link or providing information.
  • Use automatic updates on your computer's operating system so that you always have the latest versions of programs installed.
  • Use antivirus and firewall and make sure the latest updates are installed.

If you receive suspicious emails, please contact KTH IT Support at e-mail  and attach the unwanted e-mail as an attachment. Guide for this: Attach an unwanted e-mail to KTH IT-Support

See the list to the left for how to get the email header from some common clients.

At KTH, ongoing efforts are made to take action so that e-mail of a harmful nature never reaches the user.

It is important to report immediately if you have been affected.


Sometimes you get email from senders who falsely claim to be from KTH or another trusted sender (e.g. Postnord, PayPal, Apple, or similar). This is an attempt to retrieve passwords from users at KTH, so-called phishing.

The passwords are then used to send out spam and phishing.

Serious companies never ask their users for passwords.

Examples of pages where it is OK to enter your password:

If the pages look the same but have different addresses in the first part of the address bar, it's a fake page.

If you clicked on a link and submitted your user information, you should do as follows:

Change password via
Attach the suspicious email to KTH IT support by email


One type of malicious email contains attachments or links to malicious files. If you click on such a link, your computer can be infected with viruses. Viruses can do different things to your computer, for example record keystrokes (your password).

If this has happened, you should do as follows:


A special type of malicious email contains web links, and if you click on such a link, your files can be encrypted so that they become unreadable.

If this happens, you should do as follows:

External information at Swedish Civil Contingencies Agency website: Problemområdet Ransomware  (in Swedish)


This is unsolicited email such as advertising or mail with pornographic content. It may be similar to the advertising you get in your mailbox.

KTH has advanced spam filters that are updated on a regular basis.


  • Often, by looking at the sender's email address (not just the name), you can determine if it appears to be a trusted sender. This can be difficult if a colleague's e-mail account has been stolen.
  • Check the language of the suspicious mail. If it seems strangely translated into Swedish, it is most likely fake.
  • If you put the pointer over a link inside an email, you can see where it actually goes. It appears as a balloon or down in the status bar at the bottom of the mail application.
  • If the link displayed does not have the real domain name in the first part of the link (to the left of the first single / character), it is most likely a fake mail. Do not click on this link!

Example for the domain (but works the same for other domain names):

The difference between the real and the fake domain name in the link
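
The link check from the list above, as an added example that is not part of the original page: it extracts where each link in an HTML mail body actually goes and tests whether that host is the real domain or only contains its name. The domain `university.example`, the function names and the sample mail are constructed placeholders.

```javascript
// Added example. TRUSTED_DOMAIN is a placeholder, not a domain from the page.
const TRUSTED_DOMAIN = "university.example";

// Host the mail client would actually connect to: the part left of the
// first single "/" after the scheme. Returns null if it is not a web link.
function linkHost(href) {
  try {
    const u = new URL(href.trim());
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.hostname.replace(/\.$/, "");
  } catch {
    return null;
  }
}

// Trusted only if the host IS the domain or ends with ".<domain>".
// A host that merely starts with or contains the name is not trusted.
function isTrustedHost(host, trusted = TRUSTED_DOMAIN) {
  return host !== null && (host === trusted || host.endsWith("." + trusted));
}

// Audit every <a href> in an HTML mail body. Regex extraction is enough
// for this illustration; a mail gateway would use a real HTML parser.
function auditLinks(html, trusted = TRUSTED_DOMAIN) {
  const anchors = /<a\s[^>]*?href\s*=\s*["']([^"']*)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const results = [];
  for (const [, href, inner] of html.matchAll(anchors)) {
    const text = inner.replace(/<[^>]*>/g, "").trim();
    const host = linkHost(href);
    // If the visible text itself looks like a URL, compare its host too.
    const shownHost = /^https?:\/\//i.test(text) ? linkHost(text) : null;
    results.push({
      text, host,
      trusted: isTrustedHost(host, trusted),
      textMismatch: shownHost !== null && shownHost !== host,
    });
  }
  return results;
}

// Constructed sample mail body (not a real message).
const SAMPLE_MAIL = `
<p><a href="https://university.example.mail-quota.example/login">https://www.university.example/login</a></p>
<p><a href="https://www.university.example/it-support">IT support</a></p>
<p><a href="http://files.example.net/university.example/reset">Reset password</a></p>`;

console.table(auditLinks(SAMPLE_MAIL));
```

Only the second link is trusted; the first also has visible text that shows a different host than the one it points to.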
Belongs to: KTH Intranet
Last changed: Sep 22, 2020