Watch out for scammers

The administrators or Helpdesk never ask for access right details by e-mail!
Messages asking for passwords are always a hoax!

Phishing attempts are continuously targeted at the university. Junk mail is automatically filtered from the e-mail, but inappropriate messages, nevertheless, end up in the users’ mailboxes. There is no reason to worry, but everyone should be aware of some basic facts and means used by frauds.

Learn to recognise scam messages and be prepared to act correctly with them.
Avoiding online scams in the Student’s digital skills section provides more detailed information on different scamming methods.

The IT Center provides information on exceptional phishing campaigns in all its normal communication channels:

• In Flamma messages
• In Viva Engage’s Tietotekniikan vertaistuki channel
  • Tip: you can subscribe to receive notifications of channel posts in your email inbox!
• On the front page of the IT Helpdesk in the Current topics section
• On Twitter in IT_HelsinkiUni channel

Make a habit of regularly following one of the above-mentioned channels. These channels also offer a plentiful of other IT-related information that will boost your working.

• Follow also the info screens at the campuses
• You can check the functioning of several services on page https://status.helsinki.fi/

Before clicking a link or writing your username to any website, check first where the link takes you. You can do that by taking the mouse cursor on the link and your browser will show you the address, usually at the bottom of the browser window.

These Helpdesk instructions provide tips for identifying phishing messages. Please note that this page only gives examples of different phishing messages.

Flamma’s Information security and privacy protection page offers a lot of useful information for all students and employees of the university.

Although there are many different kinds of scamming messages, they share some general features. The message typically gives an impression that if you do not act quickly, a certain service will stop working or you will lose a benefit. The message is usually written in poor Finnish or English.

There is one example of a typical scamming message in the picture below.

1. The sender of the message may be a seemingly familiar person. It is easy to forge the sender information. Do not blindly believe in them.
2. The link text does not show the address of the link. Here the text says Click Here.
3. You can usually see the address at the bottom of the browser window by taking the mouse cursor on the link (you can check the address on a smartphone by pressing the link for a couple of seconds). In this case, the link takes you to page
   https://helsinki-help-service-desk.weebly.com. Compare to the actual address of the university Helpdesk https://helpdesk.it.helsinki.fi/
4. The message says that if you do not act quickly, your e-mail will be closed. The threat is often intensified by claiming, for example, that all your messages will be destroyed. Do not panic, and do not act out of panic. If you are not sure what to do, you can always ask for advice from the Helpdesk.
    
   

The page may look real and resemble the actual university login page. In the example below, you can see that the page is a scam page by looking at the address row: the page is at address www.sukmoplus.com/  instead of helsinki.fi or office.com. Most of the browsers highlight the meaningful part of the address, as shown in the picture.

• A scam message can as simple as this. Do not click the link!
  

You can reduce the number of scam messages arriving in the mailboxes of the students and employees of the university by reporting all junk mail arriving in your mailbox according to these instructions. The reports are used to improve the junk mail filters.

• Reporting junk mail in Outlook
• Reporting junk mail in OWA

The IT Center is interested in all the phishing messages which attempt to phish the passwords of the students and employees of the university. These should be reported to the e-mail administrator. The administration will prevent the sending of mail to the phishers address to minimise damages.

Check if the sender’s address is already on the blocklist. This can be done at the address
http://majordomo.helsinki.fi/check_email_address.html

If the observed phishing comes from helsinki.fi address, report this at address tietoturva@helsinki.fi. Attach the received message including the header information to your report. Report only the phishing attempts that try to phish passwords.

Change your password immediately (see instructions Changing the password), and contact the Helpdesk.

You can also check the e-mail redirecting rules. Criminals who have gained access to your user account may have created e-mail redirecting rules to your mailbox. If this has happened, your incoming mail will be redirected to somewhere else and you will not receive your mails.

The incoming e-mail to the university is filtered automatically. Messages that are marked as junk mail will be directed to the junk mail folder of the e-mail application (e.g. Junk Email, Junk mail). The automatic filtering is not, nevertheless, infallible, so please check your junk mail folder regularly. It may also contain real e-mail messages.