Watch out for scammers
The administrators or Helpdesk never ask for access right details by e-mail!
Messages asking for passwords are always a hoax!
Phishing attempts are continuously targeted at the university. Junk mail is automatically filtered from the e-mail, but inappropriate messages, nevertheless, end up in the users’ mailboxes. There is no reason to worry, but everyone should be aware of some basic facts and means used by frauds.
Learn to recognise scam messages and be prepared to act correctly with them.
Avoiding online scams in the Student’s digital skills section provides more detailed information on different scamming methods.
The IT Center provides information on exceptional phishing campaigns in all its normal communication channels:
- In Flamma messages
- In Yammer’s All Company channel
- In Yammer’s Tietotekniikan vertaistuki channel
- On the front page of the instruction pages in the News and events section
- On Twitter in IT_HelsinkiUni channel
Make a habit of regularly following one of the above-mentioned channels. These channels also offer a plentiful of other IT-related information that will boost your working.
- Follow also the info screens at the campuses
- You can check the functioning of several services on page http://status.helsinki.fi/
Before clicking a link or writing your username to any website, check first where the link takes you. You can do that by taking the mouse cursor on the link and your browser will show you the address, usually at the bottom of the browser window.
These Helpdesk instructions provide tips for identifying phishing messages. Please note that this page only gives examples of different phishing messages.
Flamma’s Information security and privacy protection page offers a lot of useful information for all students and employees of the university.
Although there are many different kinds of scamming messages, they share some general features. The message typically gives an impression that if you do not act quickly, a certain service will stop working or you will lose a benefit. The message is usually written in poor Finnish or English.
There is one example of a typical scamming message in the picture below.
- The sender of the message may be a seemingly familiar person. It is easy to forge the sender information. Do not blindly believe in them.
- The link text does not show the address of the link. Here the text says Click Here.
- You can usually see the address at the bottom of the browser window by taking the mouse cursor on the link (you can check the address on a smartphone by pressing the link for a couple of seconds). In this case, the link takes you to page
https://helsinki-help-service-desk.weebly.com. Compare to the actual address of the university Helpdesk https://helpdesk.it.helsinki.fi/
- The message says that if you do not act quickly, your e-mail will be closed. The threat is often intensified by claiming, for example, that all your messages will be destroyed. Do not panic, and do not act out of panic. If you are not sure what to do, you can always ask for advice from the Helpdesk.
The page may look real and resemble the actual university login page. In the example below, you can see that the page is a scam page by looking at the address row: the page is at address www.sukmoplus.com/ instead of helsinki.fi or office.com. Most of the browsers highlight the meaningful part of the address, as shown in the picture.
- A scam message can as simple as this. Do not click the link!
You can reduce the number of scam messages arriving in the mailboxes of the students and employees of the university by reporting all junk mail arriving in your mailbox according to these instructions. The reports are used to improve the junk mail filters.
The IT Center is interested in all the phishing messages which attempt to phish the passwords of the students and employees of the university. These should be reported to the e-mail administrator. The administration will prevent the sending of mail to the phishers address to minimise damages.
Check if the sender’s address is already on the blocklist. This can be done at the address
If the observed phishing comes from helsinki.fi address, report this at address tietoturva [ät] helsinki.fi. Attach the received message including the header information to your report. Report only the phishing attempts that try to phish passwords.
Voit lisäksi tarkistaa postinohjaussäännöt. Tunnuksesi tietoonsa saaneet rikolliset ovat voineet luoda postinohjaussääntöjä postilaatikkoosi. Jos näin on käynyt, sinulle tuleva posti ohjautuu jonnekin muualle, etkä saa postejasi.
The incoming e-mail to the university is filtered automatically. Messages that are marked as junk mail will be directed to the junk mail folder of the e-mail application (e.g. Junk Email, Junk mail). The automatic filtering is not, nevertheless, infallible, so please check your junk mail folder regularly. It may also contain real e-mail messages.