Junk mail and phishing

Junk mail or spam refers to unsolicited mass e-mail.

Spammers usually use addresses extracted from websites. Spam is annoying, and handling junk mail is time-consuming. Spam may also contain malware, such as viruses and worms (read more about viruses).

The contents of spam e-mails varies greatly, but often they are advertisements of a product, a web service, a money-making scheme or a method to get rich quickly. The following features are also common signs of spam:

  •  the sender is a complete stranger to you
  • the message subject is in English
  • the subject or text of the message contains special characters to fool spam filters on servers, such as “Sensattional revolution in meedicine! Clisk h`ere”
  • the message subject contains “RE” to give the impression that the message is a reply to a previous message
  • the message contains an attachment in HTML
  • the message starts with “This is not spam”.

Phishing for user accounts

In a more elaborate type of scam, the sender tries to obtain personal information from people by imposing as a mail system/user account administrator or IT support person. This type of criminal activity is called phishing.

There have been several attempts to obtain personal information from university IT system users as well. Despite the efforts of the administration, phishing messages sometimes reach the mailboxes of users – and there is always someone who falls victim to the scam. The language used in phishing messages is often quite clumsy but, on the other hand, they may also be written in fluent Finnish.

The best way to combat online scams is to never give your password to anyone. The genuine administration of any service will be able to resolve your issue without asking for your password. For more information on online scams, read the chapter on information security. If you become the target of a phishing attempt, notify the university’s e-mail administration. Follow the instructions given on this page.

Safeguarding your e-mail address against spam

The best way to avoid spam is to not enter your primary e-mail address on websites or advertising mail lists. If you need to provide your e-mail address in some form, you can give it in an altered format (such as raimo dot keski-vaanto at helsinki dot fi) or create a small photo image of the address. In this way, systems used by spammers that search for e-mail addresses on different websites, blogs, etc. will not recognize your address as an e-mail address.

Here are some instructions on what to do if you receive spam:

  • Never reply to the spammer as this would confirm that someone is actually reading the messages sent to your address.
  • Junk mail messages often give you the opportunity to have your address removed from the mail list. However, you should be suspicious of this possibility, as malicious spammers use this method to verify that the address is in use.
  • Do not open links or images included in spam messages. A link or the online address of an image may include a tag revealing to the spammer the e-mail address from which the picture is viewed.
  • Be highly suspicious of offers made in spam messages: many offers sent from unknown addresses are illegal. Be realistic: if an offer sounds too good to be true, it almost always is.
  • Chain letters are considered junk mail. Do not forward them.

Automatic filtering of junk mail

In many e-mail applications, you can filter spam based on the sender or automatically. See the IT Center site for more information on how to filter junk mail in Outlook.

Most spam is filtered out already at the mail server. The mail server of the University of Helsinki also uses such a filter. Thanks to centralized spam detection at the server, you receive considerably less spam in your inbox.

As e-mail filtering is carried out automatically, there is a small chance that the filtering algorithm classifies proper e-mail as spam. You should, therefore, check the contents of the Junk folder every now and then.