
Malicious e-mail

About malicious e-mail

A lot of e-mail is malicious. Such messages may contain links or attachments that are harmful.

Never click on a link or open a file unless you are sure it was really meant for you.

Some ground rules:

  • Be suspicious of senders you do not recognize.
  • Verify who the sender is before replying, clicking any link or providing information.
  • Enable automatic updates for your computer's operating system so that the latest versions are always installed.
  • Use antivirus software and a firewall, and make sure their latest updates are installed.

If you receive a suspicious e-mail, please contact KTH IT Support by e-mail and attach the unwanted e-mail as an attachment. Guide for this: Attach an unwanted e-mail to KTH IT-Support

See the list to the left for how to get the e-mail headers from some common clients.

KTH works continuously to ensure that harmful e-mail never reaches the user.

It is important to report immediately if you have been affected.

In general

If you read your e-mail on your phone, it is not as easy to spot the obvious signs of a malicious e-mail.

If you read your e-mail on a computer, there are some easy things to check to decide whether an e-mail is fake.

  • Check the language of the suspicious e-mail. If it reads like a strange translation into Swedish, it is most likely fake.
  • Hold the mouse pointer over the sender's name without clicking. You can then see the sender's real e-mail address. Is it what you expected?
    Do the name and e-mail address match what you expected?
    Often, by looking at the sender's e-mail address (not just the name), you can determine if it appears to be a trusted sender. This can be difficult if a colleague's e-mail account has been stolen.
  • Hold the mouse pointer over a link in the e-mail without clicking. The real link is shown in a tooltip or in the status bar at the bottom of the e-mail application. Does it look as expected?
    If the displayed link does not have the real domain name in the first part of the link (to the left of the first single / character), the e-mail is most likely fake. Do not click on the link!

Example for the domain (but works the same for other domain names):

The difference between the real and the fake domain name in the link
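
The same check can be done mechanically, for example when triaging a reported message. This is an added example, not part of KTH's guidance: the function names are hypothetical, and `university.example` and `login-check.example` are constructed placeholder domains.

```python
from urllib.parse import urlsplit


def link_host(url):
    """Return the host a link really points to, or None if it cannot be parsed safely."""
    url = url.strip()
    # Backslashes, spaces and control characters are read differently by
    # browsers and URL libraries, so such a link is treated as unparseable.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname is the text just left of the first single "/", lower-cased,
    # with any "user@" prefix and ":port" suffix removed.
    return parts.hostname.rstrip(".")


def is_trusted_link(url, trusted_domain):
    """True only if the link's host is trusted_domain or one of its subdomains."""
    host = link_host(url)
    if host is None:
        return False
    trusted = trusted_domain.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)


# Constructed sample links; both domains are placeholders, not real senders.
SAMPLES = [
    "https://www.university.example/login",                  # real domain
    "https://university.example.login-check.example/login",  # real name used as a subdomain
    "https://university.example@login-check.example/",       # real name before an "@"
    "https://login-check.example/university.example/",       # real name only in the path
    "https://notuniversity.example/",                        # real name is only a suffix
    "https://login-check.example\\@university.example/",     # backslash in the link
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "ok" if is_trusted_link(link, "university.example") else "SUSPICIOUS"
        print(f"{verdict:10} {link_host(link)!s:45} {link}")
```

Only the first sample passes: in every other link the trusted name appears somewhere, but not as the end of the host just before the first single / character.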


You may receive e-mail whose sender falsely claims to be KTH or another trusted sender (e.g. Postnord, PayPal, Apple, or similar). This is an attempt to obtain passwords from users at KTH, so-called phishing.

The passwords are then used to send out spam and phishing.

Legitimate companies never ask their users for passwords.

Examples of pages where it is OK to enter your password:


Important! If the pages look the same but have different addresses in the first part of the address bar, it is a fake page.

If you clicked on a link and submitted your user information, you should do as follows:

Change password via
Send the suspicious e-mail as an attachment to KTH IT Support by e-mail


One type of malicious e-mail contains attachments or links to malicious files. If you click such a link, your computer can be infected with a virus. Viruses can do different things to your computer, for example record your keystrokes (your password).

If this has happened, you should do as follows:

  • Disconnect the network cable immediately.
  • Turn off the computer.
  • Contact KTH IT support by e-mail or call +468-790 6600
  • Change password via


A special type of malicious e-mail contains web links; if you click such a link, your files can be encrypted so that they become unreadable.

If this happens, you should do as follows:

  • Disconnect the network cable immediately.
  • Turn off the computer.
  • Contact KTH IT support by e-mail or call +468-790 6600
  • Change password via

External information on the Swedish Civil Contingencies Agency website: Problemområdet Ransomware (in Swedish)


This is unsolicited e-mail such as advertising or e-mail with pornographic content. It may be similar to the advertising you get in your letterbox.

KTH has advanced spam filters that are updated on a regular basis.