How to report a malicious or suspicious email
Aalto University ITS security requests samples of malicious or suspicious emails arriving at Aalto. These messages usually are scam and phishing and they may contain malware hidden in attachments.
Our goal is to block access to the links provided and teach our junk-email filter to recognize and warn about these messages. Attachments will be checked for malware and possible new findings will be sent to further analysis. For these purposes, we need the original messages as a whole (with full headers, links, and attachments). The easiest way to do this is to send the original message as an attachment directly to the ITS security team ([email protected]). The following describes the procedure with all the Aalto supported email clients.
Your password is only for your own usage.
The email spam and malware filter is constantly being taught to be more efficient in detecting malware, phishing, scam, spam, etc. malicious content, but it is a known fact that any technical restriction or blockage can be circumvented or fooled. Thus it is very important for the recipients of the messages to be able to identify malicious messages and act properly with them. The following is a top-10 list of warning signs that should be considered when opening any email. One of these signs might be enough but the more matches there are, the more probable it is the message you got is scam and thus dangerous.
- Is the message in junk-email folder and marked with “possible spam” in subject line?
- These messages have been analyzed and found to be suspicious. Some errors occur and false positives are possible but are very rare.
- Is the message requesting usernames, password or other credentials (Aalto, credit card, online banking)?
- Admins or service providers NEVER ask for your credentials. If credentials are required, the message is phishing or scam. Aalto, banks, etc. do not send login requests with links via email.
- Does the sender’s address make any sense and are you the only and correct recipient?
- Check the sender’s address and think twice why the message has more than one recipient or why the recipient’s addresses are hidden.
- Is the language of the message wrong and/or are there excessive spelling etc. errors?
- Companies and organizations tend to know you and your language. English is the standard language in international communication. Excessive spelling or grammar errors are rare and always a warning sign.
- Login pages should always be secured (https), not http!
- Never type in any credentials if the page is not secured with https!
- Is there an ultimatum in the message (account closure, disruption of email service)?
- Ultimatums are always a warning sign! Let the account be closed rather than fall in a hurry as a victim of phishing.
- Is there a tight time limit (12/24/36/48hrs)?
- If there is a problem with your account, we will not wait for 12 hours. We will close your account and call you.
- Does the message contain attachments and should there be any?
- Attachments often contain malware and they are an easy way to circumvent spam filtering. Stop to think and try to verify the attachment before you open it.
- Are the attachments packed / compressed (zip, gz, cab) or is the type unknown to you?
- Packing / compressing is used to circumvent spam and malware filtering and to fool the recipient. Do not trust or open unknown file types!
- Does the message contain a link to a file in the web?
- Files in the web are not analyzed by email malware controls. Think and ask yourself why the file is in the web and not as an attachment?
If unsure, do send a sample to Aalto ITS security ([email protected]). And remember: “we will not warn you, we will close your account and call you!”. Wishing you safe emailing in Aalto: Aalto ITS security
Jos olet saanut sähköpostiisi roskapostia, jonka otsikossa on "warning: possible spam" ja viesti on ohjautunut roskapostilaatikkoosi(Junk email), ei sinun tarvitse tehdä mitään.
Virheellisesti roskapostiksi merkatusta viestistä tulee ilmoittaa Tietoturvaryhmälle lähettämällä saamasi viesti liitteenä osoitteeseen [email protected].
Roskapostista Saapuneet-kansiossa(Inbox) voi raportoida Outlookissa käyttäen "Report Message" --> "Junk"-toimintoa. Tälloin viestistä lähtee näyte Microsoftill. MacMailin ja Thunderbirdin käyttäjät voivat raportoida roskapostit lähettämällä saamansa roskapostiviestin liitteenä osoitteeseen [email protected].
Huomaathan, että markkinointiviestit eivät lähtökohtaisesti ole roskapostia, johon Aalto-yliopiston tulee puuttua. Jos saat markkinointiviestejä yrityksiltä, pyydä viestejä lähettävää yritystä poistamaan itsesi heidän viestilistaltaan.
Instructions to send a message as an attachment
- in message list view click the sample message with mouse button 2
- select ”forward as attachment”
- write a short description and add a subject
- add recipient as [email protected]
- send the message
- start a new message and add recipient as [email protected]
- write a short description and add a subject
- drag the sample by holding down the left mouse button and while on top of the new message release the button
- send the message (note! you can add multiple samples to the new message)
- start a new message and add recipient as [email protected]
- write a short description and add a subject
- drag the sample by holding down the left mouse button and while on top of the new message release the button
- send the message (note! you can add multiple samples to the new message)
- in the message list view right-click the sample message
- first, select ”forward as” and then ”attachment”
- write a short description and add a subject
- add recipient as [email protected]
- send the message
- open the message and select the three dots menu
- select “forward as attachment” and type [email protected] to the recipient field
- write a short description
- send the message
IT Services
- Published:
- Updated: