Page tree

University of Tartu IT wiki

In this guide you will find information and tips about spam e-mails.

Every once in a while we discover unwanted e-mails in our inbox, that sometimes make up most of the received e-mails. These are adverts or spam. The University of Tartu e-mails are protected by a series of filters, which prevent most of the spam from ever reaching a users inbox. Unfortunately, the people responsible for sending out spam are figuring out new ways to bypass these filters, which means that some spam e-mails will still end up in your inbox.

These instructions will answer the following questions:

  1. How to identify spam e-mails?
  2. What to do with spam e-mails?


Spam usually reaches us in the form of phishing, which is fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site, the only difference being the URL of the website in concern.

A phishing e-mail can be usually identified by the following symptoms:

  1. The e-mail is sent from a public or strange e-mail address;
  2. poor spelling and grammar;
  3. The creation of a sense of urgency.
From: Jossie Dick (AAA)<> 
Sent: 7. august 2018. a. 10:45

The IT Dept. will be performing repairs to integrate computer and phone mail system tongiht starting at 9pm.
Therefore all staff are to CLICK HERE [!!!A LINK THAT YOU SHOULD NEVER CLICK ON!!!] and enroll for the upgrrade.

Filling the submission form will enable us to migrate your account fully into the system. Cyber Security is every one concern. 

Thank you for the understanding...

(C) Copyright 2018 Microsoft
All Rights Reserved

The example above has all the symptoms of a spam/phishing e-mail.
First of all, the sender is someone called Jopssie Dick, who is in no way connected to the University of Tartu. When in doubt, check the intranet's or the public website's employee search function - if the person is not listed, the message is fraudulent.
Secondly, the e-mail's subject is strange and it doesn't look or sound like anything the university's IT-office would send out. IT-office will send out messages for upgrades every once in a while and that information will always be added to the intranet as well. Please remember, that we will  never ask for your username and password!
Lastly, the e-mail creates a sense of urgency and has poor spelling and grammar. This is a clear sign of a phishing e-mail.

Label: 25343391367031008
Saaja:	XXX
The courier company was not able to deliver your parcel by your address.

Cause: Error in shipping address.
Label: 31585036553374581

Print this label to get this package at our post office.
Please attention!
For mode details and shipping label please see the attached file.
Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you,
USPS Logistics Services.

This electronic mail transmission and any attached files contain information intended for the exclusive use of the individual   
or entity to whom it is addressed and may contain information belonging to the sender UPS , Inc. that is proprietary, 
privileged, confidential and/or protected from disclosure under applicable law. If you are not the intended recipient, you 
are hereby notified that any viewing, copying, disclosure or distributions of this electronic message are violations of 
federal law. Please notify the sender of any unintended recipients and delete the original message without making any copies. 
Thank You

This has all the symptoms of a spam/phishing e-mail, which will encrypt your files and then try to ransom them. The main difference is that there is no link in the e-mail, but an attachment called No modern organization sends out official documents in a *.zip container, since that is considered unsafe and telltale sign of a phishing e-mail. Invoices and documents are almost exclusively sent out in the *.pdf format.

If it is anything else, you need to be extra careful!

To summarize, you need to ask yourself the following questions in order to identify spam or phishing:

  1. Do I know the sender? Was the message sent from an official e-mail address ( Can I verify the sender's e-mail address?
  2. Was I expecting this e-mail?
  3. Are the extensions of the files attached to the e-mail known to me (i.e .pdf, *.docx, *.doc, *xls, *xlsx)?
  4. Is the e-mail's subject official and uses correct spelling and grammar?
  5. Is the content of the e-mail related to my work or my organization?
  6. Does the content of the e-mail use correct spelling and grammar?

If the answer to any of the questions above "NO", then you should be extra careful!

More info on spam and e-mail fraud: 

Since spammers find ways to bypass the e-mail filters set up by the e-mail administrators, it is not possible to block all of them, before they reach your inbox.

When receiving spam or phishing e-mails, just delete them and never open any of the included links or attachments. 

When in doubt, contact the University of Tartu Helpdesk.

For forwarding spam e-mails to helpdesk, see instructions here: Sending e-mails as attachments.

If spam e-mail has arrived to your inbox, then you can mark the e-mail as spam or even block the sender of the spam e-mail. Right-click on the e-mail, choose Security options from the menu and left-click on Mark as junk. To block the sender, choose Block sender from the same menu.

In Outlook desktop app you can do the same by right-clicking on the spam e-mail, open Junk and click on Block sender.

If you have accidentally blocked a wrong e-mail address, then you can remove the e-mail from blocked senders list.

In web Outlook click on the settings icon (cogwheel) on top right, then click View all Outlook Settings on the bottom of the settings menu. A new window pops up, click on Junk email. Here you can see and manage Blocked senders and safe senders. Find the e-mail that you want to remove from the list and click on delete icon (trash bin). When you've deleted the sender from the list, click Save on the bottom of the window.

In Outlook desktop app right-click on any e-mail address, click on Junk and choose Junk e-mail Options from the list. A new window pops up, click on Blocked Senders tab at the top. Find the e-mail address that you want to remove from the blocked senders list, left-click on it and then click Remove from the right and click OK or Apply to save the changes.

This page has no comments.