Date: Wed, 5 Aug 2020 11:05:09 +0300 (EEST) Message-ID: <545059580.56383.1596614709385@wiki.ut.ee> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_56382_1715979445.1596614709383" ------=_Part_56382_1715979445.1596614709383 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html R=C3=A4mpspost (Spam)

# R=C3=A4mpspost (Spam)

=20
=20
=20
=20

=20
=20
=20
=20
=20
=20

Me k=C3=B5ik oleme leidnud oma postkastist soovimatuid reklaamkirju ehk = r=C3=A4mpsposti ning nii m=C3=B5nigi meist on h=C3=A4das olnud sellega, et = r=C3=A4mpsposti maht =C3=BCletab soovitud kirjade mahu. Tartu =C3=9Clikooli= kirjakaste kaitseb r=C3=A4mpsposti eest filtrite s=C3=BCsteem, mis peatab = suurema osa r=C3=A4mpspostist enne, kui see j=C3=B5uab meie postkastidesse.= Paraku on r=C3=A4mpsposti saatjad sellega kursis ning leiavad pidevalt uus= i viise, kuidas sellistest filtritest m=C3=B6=C3=B6da saada, mille t=C3=B5t= tu leiab m=C3=B5ni neist kirjadest ka tee meie postkastidesse.

K=C3=A4esolev juhend annab vastused j=C3=A4rgmistele k=C3=BCsimustele:

1. Kuidas r=C3=A4mpsposti =C3=A4ra tunda?
2. Mida r=C3=A4mpspostiga ette v=C3=B5tta?
=20
=20
=20
=20

Every once in a while we discover unwanted e-mails in our inbox, that so= metimes make up most of the received e-mails. These are adverts or spam. Th= e University of Tartu e-mails are protected by a series of filters, which p= revent most of the spam from ever reaching a users inbox. Unfortunately, th= e people responsible for sending out spam are figuring out new ways to bypa= ss these filters, which means that some spam e-mails will still end up in y= our inbox.

These instructions will answer the following questions:

1. How to identify spam e-mails?
2. What to do with spam e-mails?
=20
=20
=20
=20
=20
=20

# K= uidas r=C3=A4mpsposti =C3=A4ra tunda?

R=C3=A4mpsposti eesm=C3=A4rgiks on eelk=C3=B5ige teenida raha reklaami e= dastamisega, arvutikasutaja kontode (e-post, sotsiaalmeedia jne v=C3=B5i is= egi arvuti/nutitelefoni =C3=BCle v=C3=B5tmine. Tegemist on internetipettuse= =C3=BChe vormiga, mis p=C3=B5hineb identiteedivargusel ning saab reeglina = alguse e-posti teel saadetud petukirjast.

2. kahtlane pealkiri;
3. sisu imelik toon, grammatiliselt v=C3=A4=C3=A4r s=C3=B5nakasutus.

N=C3=A4ide 1 - viiruste levitamine ja lunarahan=C3=B5ue:

=20
```From: J=
ossie Dick (AAA)<Jossie.Dick@colvilletribes.com>=20
Sent: 7. august 2018. a. 10:45
Subject: T=C3=84HELEPANU WEB PASSWORD TOIMIB T=C3=84NA

Teie OUTLOOK WEB-v=C3=B5rgu konto parool aegub t=C3=A4na.

Parooli muutmiseks j=C3=A4rgige allolevaid juhiseid.
K=C3=BClastage veebilehte OUTLOOK WEB Digital Intranet [!!!TEKST ON LINK MI=

V=C3=B5rguss=C3=BCsteemid
Juurdep=C3=A4=C3=A4s piirkonna lauaarvutitele (nt. Kaugjuhtimispuldid-V :, =
W :, U :, T: jne)
VPN-i juurdep=C3=A4=C3=A4s v=C3=A4ljaspool piirkonda
Traadita v=C3=B5rk v=C3=B5i Interneti-=C3=BChendus s=C3=BClearvutitelt v=C3=
=B5i tahvelarvutidelt
E-post Outlooki, Outlooki veebi ja nutitelefonide kaudu
Online t=C3=B6=C3=B6h=C3=B5ive taotlemise s=C3=BCsteem
Toitumisalased teenused MCS ja PCS
Oracle

Kui teil on k=C3=BCsimusi, v=C3=B5tke palun =C3=BChendust laienduse 7892 le=
helt OUTLOOK WEB.

Ait=C3=A4h,
Infoteenuste osakond```
=20

Esiteks on kirja saatjaks keegi Jossie Dick, kes ei oma mit= te mingit seost Tartu =C3=9Clikooliga. Kahtluse korral tuleks kontrollida v= =C3=A4lisveebist v=C3=B5i siseveebist, kellega on tegu - kui isikut t=C3=B6= =C3=B6tajate nimekirjas pole, on tegemist petukirjaga.
Teiseks on kirjal= kahtlane pealkiri, mille keelekasutus on imelik ning ei viita =C3=BChelegi= konkreetsele =C3=BClikooli infotehnoloogia teenusele. Infotehnoloogia osak= ond korraldab k=C3=BCll paroolivahetuskampaaniaid, kuid sellest teavitataks= e listide ja kindlasti ka siseveebi vahenudsel.
Kolmandaks on kirja sisu= l imelik toon ja veider s=C3=B5nakasutus. Kirja sisus leidub k=C3=BCll teen= uste nimetusi, mida =C3=BClikoolis kasutatakse, kuid tervikpilt j=C3=A4tab = siiski kahtlase mulje (nt "Rikastada" v=C3=B5i "Toitumisalased teenused MCS= ja PCS").

N=C3=A4ide 2 - viiruste levitamine (nt kr=C3=BCptoviirus):

=20
```Label: =
25343391367031008
Saatja: post@usps.com
Saaja:=09XXX

invoice.zip
=20

Label: 31585036553374581

Print this label to get this package at our post office.
For mode details and shipping label please see the attached file.
Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you,
USPS Logistics Services.

CONFIDENTIALITY NOTICE:
This electronic mail transmission and any attached files contain informatio=
n intended for the exclusive use of the individual  =20
or entity to whom it is addressed and may contain information belonging to =
the sender UPS , Inc. that is proprietary,=20
privileged, confidential and/or protected from disclosure under applicable =
law. If you are not the intended recipient, you=20
are hereby notified that any viewing, copying, disclosure or distributions =
of this electronic message are violations of=20
federal law. Please notify the sender of any unintended recipients and dele=
te the original message without making any copies.=20
Thank You```
=20

=C3=9Claltoodud kirjas on olemas k=C3=B5ik r=C3=A4mspostile viitavad tun= nused, mis said mainitud eelmise n=C3=A4ite juures. Erinevuseks on see, et = kirjale on lisatud manus nimega invoice.zip. Mitte = =C3=BCkski organisatsioon ei saada ametlikke dokumente *.zip&n= bsp;formaadis, kuna see ei ole turvaline ning viitab koheselt petu= kirjale. Sellised dokumendid edastatakse *.pdf f= ormaadis. Juhul, kui tegemist on millegi muuga, siis tuleks kindlasti olla = =C3=A4=C3=A4rmiselt ettevaatlik!

=20
=20
=20
=20

# How to identify s= pam e-mails?

Spam usually reaches us in the form of phishing, which is fraudulen= t attempt to obtain sensitive information such as usernames, passwords, and= credit card details (and money), often for malicious reasons, by disguisin= g as a trustworthy entity in an electronic communication. Phishing is = typically carried out by email spoofing or instant messaging, and it often = directs users to enter personal information at a fake website, the look and= feel of which are identical to the legitimate site, the only difference be= ing the URL of the website in concern.

A phishing e-mail can be usually identified by the following symptoms:

1. The e-mail is sent from a public or strange e-mail address;
2. poor spelling and grammar;
3. The creation of a sense of urgency.

Example 1

=20
```From: J=
ossie Dick (AAA)<Jossie.Dick@colvilletribes.com>=20
Sent: 7. august 2018. a. 10:45
Subject: ITS HELP DESK

The IT Dept. will be performing repairs to integrate computer and phone mai=
l system tongiht starting at 9pm.
K ON!!!] and enroll for the upgrrade.

Filling the submission form will enable us to migrate your account fully in=
to the system. Cyber Security is every one concern.=20

Thank you for the understanding...

ITS HELP DESK/SUPPORT
=20

The example above has all the symptoms of a= spam/phishing e-mail.
First of all, the sender is someone called Jopssi= e Dick, who is in no way connected to the University of Tartu. When in doub= t, check the intranet's or the public website's employee search function - = if the person is not listed, the message is fraudulent.
Secondly, the e-= mail's subject is strange and it doesn't look or sound like anything the un= iversity's IT-office would send out. IT-office will send out messages for u= pgrades every once in a while and that information will always be added to = the intranet as well. Please remember, that we will  never ask for you= r username and password!
Lastly, the e-mail creates a sense of urgency a= nd has poor spelling and grammar. This is a clear sign of a phishing e-mail= .

Example 2

=20
```Label: =
25343391367031008
Saatja: post@usps.com
Saaja:=09XXX

invoice.zip
=20

Label: 31585036553374581

Print this label to get this package at our post office.
For mode details and shipping label please see the attached file.
Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you,
USPS Logistics Services.

CONFIDENTIALITY NOTICE:
This electronic mail transmission and any attached files contain informatio=
n intended for the exclusive use of the individual  =20
or entity to whom it is addressed and may contain information belonging to =
the sender UPS , Inc. that is proprietary,=20
privileged, confidential and/or protected from disclosure under applicable =
law. If you are not the intended recipient, you=20
are hereby notified that any viewing, copying, disclosure or distributions =
of this electronic message are violations of=20
federal law. Please notify the sender of any unintended recipients and dele=
te the original message without making any copies.=20
Thank You```
=20

This has all the symptoms of a spam/phishin= g e-mail, which will encrypt your files and then try to ransom them. The ma= in difference is that there is no link in the e-mail, but an attachment cal= led invoice.zip. No modern organization sends out off= icial documents in a *.zip container, since that is c= onsidered unsafe and telltale sign of a phishing e-mail. Invoices and docum= ents are almost exclusively sent out in the *.pdf format.

If it is anything else, you need to be extra careful!

=20
=20
=20
=20
=20
=20

=C3=9Claltoodud selgituste p=C3=B5hjal tuleks r=C3=A4msposti tuvastamise= ks k=C3=BCsida endalt:

1. Kas ma tunnen kirja saatjat? Kas kiri on tulnud ametlikut @ut.ee&= nbsp;aadressilt v=C3=B5i m=C3=B5ne muu tuntud organisatsiooni aadressilt? K= as ma saan seda kontrollida?
2. Kas ma ootasin sellelt saatjalt kirja?
3. Kas kirjaga on kaasas manus, mille failit=C3=BC=C3=BCp on mulle teada (= nt *.pdf, *.docx, *.doc, *xls, *xlsx)?
4. Kas kirja pealkiri on ametlik ja korrektselt s=C3=B5nastatud?
5. Kas kirja sisu on kuidagigi seotud minu t=C3=B6=C3=B6ga v=C3=B5i organi= satsiooniga?
6. Kas kirja sisu on ametlik ja korrektselt s=C3=B5nastatud?

Kui vastasite =C3=BChele neist k=C3=BCsimustest s=C3=B5naga "ei", siis t= uleks olla =C3=A4=C3=A4rmiselt ettevaatlik!

R=C3=A4msposti ja erinevate petukirjade t=C3=BC=C3=BCpide kohta saab t= =C3=A4iendavalt lugeda siit: https://et.wikipe= dia.org/wiki/Internetipettus

=20
=20
=20
=20

To summarize, you need to ask yourself the following questions in order = to identify spam or phishing:

1. Do I know the sender? Was the message sent from an official e-mail addr= ess (@ut.ee)? Can I verify the sender's e-mail address?
2. Was I expecting this e-mail?
3. Are the extensions of the files attached to the e-mail known to me (i.e=  .pdf, *.docx, *.doc, *xls, *xlsx)?
4. Is the e-mail's subject official and uses correct spelling and grammar?=
5. Is the content of the e-mail related to my work or my organization?
6. Does the content of the e-mail use correct spelling and grammar?

If the answer to any of the questions above "NO", then you should be ext= ra careful!

=20
=20
=20
=20
=20
=20

# Mida r= =C3=A4mpspostiga ette v=C3=B5tta?

Kuna r=C3=A4mpsposti levitajad otsivad pidevalt uusi v=C3=B5imalusi orga= nisatsioonide r=C3=A4mpspostifiltritest m=C3=B6=C3=B6da p=C3=A4=C3=A4semise= ks, ei ole k=C3=B5iki kirju v=C3=B5imalik blokeerida enne, kui need on juba= meie postkasti j=C3=B5udnud.

R=C3=A4mpsposti tuvastamisel tuleks see kustutada ning selles asuvaid vi= iteid v=C3=B5i manuseid mitte avada! Kui tekib kahtlus, kas tegemist on r= =C3=A4mpspostiga, tuleks kindlasti n=C3=B5u k=C3=BCsida Tartu =C3=9Clikooli= Arvutiabilt.

=20
=20
=20
=20

# What to do with sp= am e-mails?

Since spammers find ways to bypass the e-mail filters set up by the e-ma= il administrators, it is not possible to block all of them, before they rea= ch your inbox.

When receiving spam or phishing e-mails, just delete them and never open= any of the included links or attachments.

When in doubt, contact the University of Tartu Helpdesk.

=20
=20
=20
------=_Part_56382_1715979445.1596614709383--