Malicious e-mail
About malicious e-mail containing phishing, spam, viruses and the like.
There are varying amounts of e-mail of a malicious nature that reach users at KTH.
Report malicious email
When you receive a suspicious e-mail, you should act as soon as possible: Report suspicious email to IT-Support.
If you receive a return message that the e-mail message was not delivered, it means that KTH IT-Support has already blocked the link in the unwanted e-mail message.
Characteristics of malicious email
If you read e-mail on your mobile phone, you have few opportunities to quickly determine whether a sender is genuine. If, on the other hand, you read your e-mail on a computer, the simple checks listed below let you quickly determine (for certain types of e-mail) whether a message is fake:
- Check how the language is used in the e-mail. If it is strangely translated into Swedish, it is most likely fake.
- Hold the mouse pointer over the sender's name without clicking. You can then see the sender's real e-mail address. Is it what you expected? Do the name and e-mail address match what you expected? Often, by looking at the sender's e-mail address (not just the name), you can determine whether it appears to be a trusted sender. This can be difficult, though, if an e-mail account has been stolen.
- Hover the mouse pointer over a link in the e-mail without clicking on it. The real link will be shown in a balloon or in the status bar at the bottom of the e-mail application. Does it look as expected? If the link displayed does not have the real domain name in the first part of the link immediately following "https://", it is most likely a fake e-mail. Do not click on this link!
Example for the domain kth.se (but works the same for other domain names):
Phishing
You may receive e-mail from senders who falsely claim to be from KTH or another trusted sender (for example Postnord, PayPal, Apple, or similar). These are attempts to obtain passwords from users at KTH, so-called phishing.
The passwords are then used to send out spam and phishing.
Legitimate companies never ask their users for passwords.
Examples of pages where it is OK to enter your password:
- https://webmail.kth.se
- https://login.kth.se
- https://login.ug.kth.se
Important! If the pages look the same but have different addresses in the first part of the address bar, it is a fake page.
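The link check described under "Characteristics of malicious email" and the list of login pages above can also be written as code. The following Python sketch is an added example, not part of KTH's page or tooling; the function names, the https-only rule and the constructed sample links (on reserved example domains) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Pages the article lists as OK places to enter a KTH password.
TRUSTED_LOGIN_HOSTS = {"webmail.kth.se", "login.kth.se", "login.ug.kth.se"}


def link_host(url):
    """Return the host an https link really points to, or None if unclear."""
    url = url.strip()
    # Browsers read "\" as "/" and drop tabs/newlines; refuse rather than guess.
    if any(ch in url for ch in "\\ \t\r\n"):
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # e.g. malformed brackets in the host part
        return None
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".")  # urlsplit has already lower-cased the host


def belongs_to_domain(url, domain="kth.se"):
    """True only if the host is the domain itself or one of its subdomains."""
    host = link_host(url)
    return host is not None and (host == domain or host.endswith("." + domain))


def is_trusted_login_page(url):
    """True only for the exact login hosts named in the article."""
    return link_host(url) in TRUSTED_LOGIN_HOSTS


# Constructed sample links; the look-alikes use reserved example domains.
SAMPLES = [
    "https://login.kth.se/",
    "https://www.kth.se/activate",
    "https://kth.se.example.com/login",    # real domain is example.com
    "https://login.kth.se@example.net/",   # text before "@" is not the host
    "https://example.org/login.kth.se/",   # kth.se appears only in the path
    "http://login.kth.se/",                # not https
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link:40} kth.se={belongs_to_domain(link)!s:5} "
              f"login_ok={is_trusted_login_page(link)}")
```

Only the first two sample links pass the kth.se check, and only the first is one of the listed login pages.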
If you clicked on a link and submitted your user information, you should do as follows:
- Change your password via www.kth.se/activate
- Send the suspicious e-mail as an attachment to KTH IT support at it-support@kth.se
Virus
One type of malicious mail contains attachments or links to malicious files. If you clicked on such a link or opened an attached file, you could get a virus on your computer. Viruses can do various bad things to your computer, such as recording keystrokes (to record and steal your password).
If this has happened, you should do as follows:
- Disconnect the network cable immediately.
- Turn off the computer.
- Contact KTH IT support by e-mail (it-support@kth.se), using another computer or your mobile phone, or call +468-790 6600
- Change your password via www.kth.se/activate using another computer or your mobile phone
Ransomware
A special type of malicious e-mail contains web links; if you click on such a link, your files can be encrypted so that they become unreadable.
If this happens, you should do as follows:
- Disconnect the network cable immediately.
- Turn off the computer.
- Contact KTH IT support by e-mail (it-support@kth.se), using another computer or your mobile phone, or call +468-790 6600
- Change your password via www.kth.se/activate using another computer or your mobile phone
External information at the Swedish Civil Contingencies Agency website: Problemområdet Ransomware (cert.se) (in Swedish)
Spam
This is e-mail you receive that contains, for example, advertising or other unwanted content.
KTH uses advanced filters against spam that are continuously updated.