How to report a malicious or suspicious email
Aalto University ITS security requests samples of malicious or suspicious emails arriving at Aalto. These messages are usually scams or phishing, and they may contain malware hidden in attachments.
Our goal is to block access to the links provided and to teach our junk-email filter to recognize and warn about these messages. Attachments will be checked for malware, and possible new findings will be sent for further analysis. For these purposes, we need the original messages as a whole (with full headers, links, and attachments). The easiest way to do this is to send the original message as an attachment directly to the ITS security team (security@aalto.fi). The following describes the procedure for all the Aalto-supported email clients.
Your password is only for your own usage.
The email spam and malware filter is constantly being taught to detect malware, phishing, scams, spam and other malicious content more efficiently, but it is a known fact that any technical restriction or blockage can be circumvented or fooled. It is therefore very important that recipients are able to identify malicious messages and act properly on them. The following is a top-10 list of warning signs that should be considered when opening any email. One of these signs might be enough, but the more matches there are, the more probable it is that the message you got is a scam and thus dangerous.
- Is the message in the junk-email folder and marked with “possible spam” in the subject line?
  - These messages have been analyzed and found to be suspicious. Some errors occur and false positives are possible but are very rare.
- Is the message requesting usernames, passwords or other credentials (Aalto, credit card, online banking)?
  - Admins or service providers NEVER ask for your credentials. If credentials are required, the message is phishing or a scam. Aalto, banks, etc. do not send login requests with links via email.
- Does the sender’s address make any sense and are you the only and correct recipient?
  - Check the sender’s address and think twice about why the message has more than one recipient or why the recipients’ addresses are hidden.
- Is the language of the message wrong and/or are there excessive spelling or other errors?
  - Companies and organizations tend to know you and your language. English is the standard language in international communication. Excessive spelling or grammar errors are rare and always a warning sign.
- Login pages should always be secured (https), not http!
  - Never type in any credentials if the page is not secured with https!
- Is there an ultimatum in the message (account closure, disruption of email service)?
  - Ultimatums are always a warning sign! It is better to let the account be closed than to become a victim of phishing in a hurry.
- Is there a tight time limit (12/24/36/48hrs)?
  - If there is a problem with your account, we will not wait for 12 hours. We will close your account and call you.
- Does the message contain attachments and should there be any?
  - Attachments often contain malware and they are an easy way to circumvent spam filtering. Stop to think and try to verify the attachment before you open it.
- Are the attachments packed / compressed (zip, gz, cab) or is the type unknown to you?
  - Packing / compressing is used to circumvent spam and malware filtering and to fool the recipient. Do not trust or open unknown file types!
- Does the message contain a link to a file on the web?
  - Files on the web are not analyzed by email malware controls. Think and ask yourself why the file is on the web and not sent as an attachment.
If unsure, do send a sample to Aalto ITS security (security@aalto.fi). And remember: “we will not warn you, we will close your account and call you!”
Wishing you safe emailing at Aalto,
Aalto ITS security
If you have received an email marked as spam with the subject "warning: possible spam" and it has been directed to your Junk email folder, you don't need to do anything.
In case of an email mistakenly marked as spam, report it to the Security Team by forwarding the email as an attachment to security@aalto.fi.
You can report spam in your Inbox using Outlook by selecting "Report Message" -> "Junk." This action sends a sample to Microsoft. Users of MacMail and Thunderbird can report spam by forwarding the email as an attachment to spam@aalto.fi.
Please note that marketing emails are generally not considered spam that Aalto University needs to address. If you receive marketing emails from companies, request that the company remove you from their mailing list.
Instructions to send a message as an attachment
- in message list view click the sample message with mouse button 2
- select “forward as attachment”
- write a short description and add a subject
- add recipient as security@aalto.fi
- send the message

- start a new message and add recipient as security@aalto.fi
- write a short description and add a subject
- drag the sample by holding down the left mouse button and while on top of the new message release the button
- send the message (note! you can add multiple samples to the new message)

- start a new message and add recipient as security@aalto.fi
- write a short description and add a subject
- drag the sample by holding down the left mouse button and while on top of the new message release the button
- send the message (note! you can add multiple samples to the new message)

- in the message list view right-click the sample message
- first select “forward and redirect” and then “as attachment”
- write a short description and add a subject
- add recipient as security@aalto.fi
- send the message

- open the message and select the three dots menu
- select “forward as attachment” and type security@aalto.fi to the recipient field
- write a short description
- send the message
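Why the sample has to travel as an attachment, shown as an added example (not Aalto's own tooling): forwarding as an attachment wraps the untouched original in a message/rfc822 part, so the routing and authentication headers reach the analyst, while an ordinary forward only quotes the visible text. The sample message, its hosts and addresses, and the function names are all constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample of a received message; every host and address is a placeholder.
ORIGINAL = (
    b"Return-Path: <bounce@mailer.example.net>\r\n"
    b"Received: from mailer.example.net ([192.0.2.10])\r\n"
    b"\tby mx.example.org; Mon, 01 Jan 2024 10:00:00 +0000\r\n"
    b"Authentication-Results: mx.example.org; spf=fail; dkim=none\r\n"
    b"From: IT Helpdesk <helpdesk@example.net>\r\n"
    b"To: user@example.org\r\n"
    b"Subject: Account closure in 24 hours\r\n"
    b"\r\n"
    b"Verify your password at http://login.example.net/verify\r\n"
)
ANALYST_HEADERS = ("Return-Path", "Received", "Authentication-Results")

def report_as_attachment(original: bytes, reporter: str, note: str) -> bytes:
    """Forward as attachment: the original becomes a message/rfc822 part."""
    report = EmailMessage()
    report["From"], report["To"] = reporter, "security@aalto.fi"
    report["Subject"] = "Suspicious email sample"
    report.set_content(note)
    report.add_attachment(message_from_bytes(original, policy=policy.default))
    return report.as_bytes()

def report_inline(original: bytes, reporter: str, note: str) -> bytes:
    """Ordinary forward: only the visible fields are quoted into the body."""
    msg = message_from_bytes(original, policy=policy.default)
    report = EmailMessage()
    report["From"], report["To"] = reporter, "security@aalto.fi"
    report["Subject"] = "Fwd: " + msg["Subject"]
    report.set_content(f"{note}\n\nFrom: {msg['From']}\n\n{msg.get_content()}")
    return report.as_bytes()

def recovered_headers(report: bytes) -> dict:
    """Headers an analyst can recover from the samples attached to a report."""
    parsed = message_from_bytes(report, policy=policy.default)
    found = {}
    for part in parsed.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            sample = part.get_content()  # the embedded original message
            found.update({h: str(sample[h]) for h in ANALYST_HEADERS if sample[h]})
    return found
```
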