Attacks/phishing messages that come with e-mail messages have become more common.
As a general guideline regarding spam, you should never open suspicious messages/attachments or click on links in them. The concept of a suspicious message is vague, but usually the number of typos already tells a lot. Even messages seemingly coming from a colleague are not necessarily reliable, because the sender information may be fake, or the credentials may have ended up in the wrong hands. Users need to be very alert at all times.
In the past, spam mails focused on advertising, but recently the main purpose has been to mislead the recipient into installing malware on the device, or to direct the recipient to a seemingly reliable looking page that requires login and that way handing over the password to the attackers.
Why does spam get through filtering?
If the message itself does not contain a recognized virus attachment, a fake address or some other clear indicator, it is difficult for automation to filter message, and that is why messages sometimes get through the scanning prosess to recipients mailbox. Jamk’s email system uses the so-called Safelink feature to handle such situations, but it’s not foolproof, and it doesn’t help if the link is inside an attached document, etc.
I entered my username/password to an unknown page, what do I do?
If you know that you have opened a link in a suspicious message or attachment and entered your username/password to it, you should change your password immediately! Strong identification helps here quite comprehensively, as long as you don’t accept login requests when you’re not actually logging in anywhere yourself.
To be on the safe side, you might also want to report the incident to ICT services via the contact form on the Helpdesk main page.