Recently, there have been some fraudulent (phishing) e-mails or websites sent to CUHK users that appear to be from ITSC or CUHK to request users to confirm, verify or provide their accounts or personal information.
The ITSC or CUHK never asks users for this information through e-mail. Do not reply or send any information to the senders or click any hyperlink of those e-mails and websites, until the authenticity of emails and websites can be verified.
Phishing emails can come from any email addresses such as a compromised CUHK account. These emails generally urge you to log in or change password before a deadline.
Here are some common phishing email subject lines:
The embedded link in the email does not match with the legitimate one
A typical phishing email requesting you to activate your account
If you have received a suspicious and strange e-mail asking for your account information, you should:
To attached the original email, please follow the steps below:
In Microsoft Outlook, right click the email and click “Copy”.
Create a new email, in composing area, right click and then click “Paste”.
If you have received these e-mails and supplied your password, please take the following measures immediately:
These phishing e-mails and websites are designed to look like the real ones. Fraudulent bank websites for example, are hosted to lure you to give your account information. The most common way is through e-mail and pop up instant messages, where “banks” or “distant relatives” ask for the user’s personal information and password.
Here are some guidelines to avoid falling victim to phishing scams:
Protect Against Phishing Attacks (The Government of the Hong Kong SAR)