
Tips for recognising malicious emails and links

Published Feb 06, 2022

Recently, several malicious emails have been sent to KTH email addresses. Here are some tips from KTH's IT department to avoid being affected by malicious content.

Sometimes you may receive messages at your KTH email address that aim to steal your password in order to gain access to your personal information. This is called phishing: the sender is fishing for personal information.

With some common sense, you will get quite far in protecting your email. Here are some tips.

First of all, make sure your antivirus software and other security software on your computer are always up to date.

When you receive an email

  • Is it a sender you recognise or expect to receive a message from?
  • Check the email address the message comes from, not just the name. Normally, you can hold the mouse pointer over the sender's name to see the email address. Does this match what you expect?
  • Think about the language in the message. For example, does the message claim to come from a company or authority but contain grammar or spelling errors?
  • If the message contains a link or file, does it seem reasonable for this sender to send it?
  • Does the sender ask you for a password? Then it is with 100 per cent certainty a false message. No authorities or companies ask their users for their passwords.

Is there an attachment in the message?

Consider all the above points before clicking on the file. If you have the slightest suspicion that not everything is correct, you should refrain from clicking on the file.

Some types of files may contain malicious software that takes control of your computer or files, and it may be costly or impossible to recover your computer or files.

Is there a link in the message?

First, think about the above points. Then you should also check the link. Do not click to open the link!

  • If you read an email via a mobile phone: Hold your finger on the link until an information box appears showing the link's correct address (URL).
  • If you read an email via computer: Hold the mouse pointer over the link without clicking. The link's address is then displayed in a tooltip or in the status bar at the bottom of the email client.

Does the link's address seem reasonable in relation to where the email is coming from?

If the email comes from noreply@kth.se or another kth.se address, then the link should also have kth.se as the last part of the address immediately to the left of the first single slash (the first slash after https://).

Example

https://www.kth.se/abcde/fghij/

https://login.ug.kth.se/abcde/fghij/

If you are unsure, refrain from clicking on the link.

Have you clicked on a link and ended up on a login page?

Say you received an email from KTH. You have checked everything, think everything seems right, open a link and then end up on a login page. You then need to check that the login page is genuine. It is common for criminals to build copies of KTH's various services in the hope that someone will enter their password, which gives the criminals control over that person's KTH account.

Check that it is KTH's page, so you do not end up with a fake copy

Look in the address bar at the top of the browser before entering your login details. If it says kth.se directly to the left of the first single slash (the first slash after https://), then you are safe.

Example

https://webmail.kth.se/xyzabc/

https://login.kth.se/abcbcd/

https://login.ug.kth.se/cdefgh/
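
The address rule used above for links and login pages (kth.se directly to the left of the first single slash) can also be checked in code. The following is an added example, not part of KTH's original article: the function name, the https-only requirement and every non-KTH address in it are assumptions or constructed samples.

```javascript
// Added example: the "kth.se directly left of the first single slash" rule.
// TRUSTED_DOMAIN is taken from the article; checkLink is a hypothetical helper.
const TRUSTED_DOMAIN = "kth.se";

// Returns { ok, host, reason } for a link copied from an email.
function checkLink(link, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules browsers apply
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // Assumption: only https links are accepted (all of the article's examples use https).
  if (url.protocol !== "https:") {
    return { ok: false, host: url.hostname, reason: "not https" };
  }
  // hostname is lower-cased and excludes any "user@" prefix and port number.
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing dot
  // The host must be kth.se itself or end in ".kth.se"; a plain endsWith("kth.se")
  // would wrongly accept a different domain such as notkth.se.
  const ok = host === trusted || host.endsWith("." + trusted);
  return { ok, host, reason: ok ? "host is under " + trusted : "host is not under " + trusted };
}

// Constructed sample links: the first two are the article's own examples,
// the rest only look like KTH addresses at a glance.
const SAMPLES = [
  "https://www.kth.se/abcde/fghij/",
  "https://login.ug.kth.se/abcde/fghij/",
  "https://kth.se.example.net/login",  // kth.se is not the last part of the host
  "https://www.kth.se@example.net/",   // text before "@" is a user name, not the host
  "https://example.net/www.kth.se/",   // kth.se appears only after the first slash
  "https://notkth.se/",                // a different domain ending in the same letters
];

// Returns one result per sample so the outcome can be inspected or logged.
function reviewSamples() {
  return SAMPLES.map((link) => ({ link, ...checkLink(link) }));
}

for (const r of reviewSamples()) {
  console.log((r.ok ? "OK      " : "SUSPECT ") + r.link + "  ->  " + r.host);
}
```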

More information

Some information about this can be found on the IT support's webpage: Malicious email (kth.se)