View Source

Everyone has come across a suspicious email attempting to get your confidential information. Usually phishing email can be easily identified by the address it's sent from, typos or suspicious content. Nowadays phishing email can look credible, which makes it more difficult to identify. Some messages can use information that can be found online to make the message seem more real, such as first and last name. Phishing emails are very common, because it's easy and effective to implement.

Phishing is criminal activity done in an IT environment. It is a attempt to get a person's private information. Often a phishing e-mail pretends to be coming from a legitimate party and requests information that should be kept private. Most phishing messages that Metropolia users receive asks to give their password because of a change in some system.

Important to note is that any email containing an unknown link must be dealt with care. Especially if the email is from an unexpected source.

If you have click a link in a phishing email act as instructed:

Change your password IMMIDEADTLY at https://salasana.metropolia.fi
Contact Helpdesk by calling the phone service, 09 7424 6777 (open weekdays 8-16). If the phone services are not available, open a service ticket at https://hd.metropolia.fi or by email helpdesk@metropolia.fi

IT Services > Email phishing > image2021-3-11_10-19-46.png

1. Guide to recognize a phishing email

In the example picture, you can see a picture of a phishing email that Metropolians received before. This guide is for the Microsoft Outlook desktop version, but most email programs work the same way.

Hover your mouse over the link. In this picture, the “Recover Delayed Messages” is the link. Usually, the link is the one where the email is instructing you to click.
When your mouse is hovering over the link, you can see Outlook URL-address. It will appear on the bottom of your screen or similarly as in the picture. In some programs, you can display the URL-address by right-clicking the link.
See the URL-address, which is highlighted by the red box in the picture above. It does not direct you to a trusted website like metropolia.fi or some other familiar website. So the URL-address directs you to an unknown page where it’s likely to ask for your username and password. This way the scammers get your login information.
If you have clicked one of these unknown links, it usually takes you to a familiar login page. In the example picture below, you can see that the webpage looks pretty much the same as in Metropolias login page. Nevertheless, where you can detect scam is by looking at the webpages address bar.

IT Services > Email phishing > Untitled.jpg

2. Inspect the message as a whole

If the content of the message tries to put pressure on urgency, it is worth calming the situation. Creating urgency is a common way in scams to guide you to do something without thinking.

While it is not uncommon to receive an email from someone for the first time, it is important to review the message before taking any further action.

In professional companies, the communication staff ensures the quality and professionalism of the messages sent to customers. If the message contains typos or a poorly written message, this may indicate a scam.

Keep in mind that Metropolia never asks for your password.

3. Check the sender's actual address

Sometimes a phishing scammer manages to send an email so that even the sender’s address looks right. Even if you check the sender's address according to the instructions below, this is not a guarantee of the authenticity of the message.

Often, the messages even come from an address that does not belong to the alleged sender. You will see the address above the message as shown in the image (the address is highlighted in red):

IT Services > Email phishing > image2022-6-2_10-5-18.png

In the example above, the sender is named "Metropolia University of Applied Sciences". When you take a closer look at the sender's address, you will notice that it does not end at @metropolia.fi. This is therefore not Metropolia's e-mail address.

If the address refers to a sender other than what is claimed in the sender's name, the message is likely a scam. However, sometimes it is also possible to forge the sender's address, or messages may have been sent from a hacked email account. Therefore, the sender's address may also look genuine, even if it is a scam message. For this reason, it is important to always look at the message as instructed in sections 1 and 2.

4. Ask Helpdesk and forward the e-mail message to Helpdesk

If you are unsure about the authenticity of a message or need help identifying the authenticity, please contact the Helpdesk telephone service, 09 7424 6777 or by making a service request at https://hd.metropolia.fi. It is better to be sure of this than to be the target of a scam. The Helpdesk is very happy to help with these matters. Early notification of phishing will help IT Management Services prevent phishing from continuing.

We will be able to resolve all the important information from the e-mail message, if you'll forward it to us as an attachment like this:

Outlook Client (Windows)

Open the message in Outlook, but don't click any links in it.
Choose More -> Forward as Attachment.
Send the message to helpdesk@metropolia.fi

Outlook on the Web Client

Click the + New message button to create a new message.
Find the message that you want to send as an attachment, click on it, and drag it over to the message body of the new message.
Enter relevant information in the "To," "Subject," and "Body" of the message.
Send the message to helpdesk@metropolia.fi

Tietojenkalastelu