Information Technology Services Centre - Phishing Email / Web Fraud Alert

    Recently, fraudulent (phishing) e-mails and websites that appear to come from ITSC or CUHK have been sent to CUHK users, asking them to confirm, verify or provide their account or personal information.

    ITSC and CUHK never ask users for this information by e-mail. Do not reply, send any information to the senders, or click any hyperlink in such e-mails or websites until their authenticity has been verified.

    1. How to Identify a Phishing/Fake Email/Website

    • Phishing emails usually appear to be sent by the University or by an individual CUHK staff member. They contain links asking you to confirm or verify your account information, with key phrases such as
      • Verify/Update/Confirm your account
      • If you don't respond/reply within XX hours, your account will be closed
    • If you hover your mouse over (NEVER click) such a link, your browser shows the address you would actually visit. In phishing emails this address does not match the legitimate website mentioned in the email (example below).
    • Phishing websites copy the look and feel of legitimate web pages, and often carry embedded viruses, trojans or other malicious software.
    • Ask yourself the questions below whenever you check an email. If the answer to any of them is Yes, it is probably a phishing email or website, and you risk identity theft if you act on it.
      • Does the email ask for your personal information or account verification?
      • Does the email look very different from the mass mails you usually receive?
      • Does the email contain a hyperlink whose target does not match the URL it displays to you?
      • Are there spelling mistakes, obvious grammatical mistakes or a meaningless subject?
      • Does the email ask you to open a file with only a generic message and no description of the file?
      • Is https://xxx.cuhk.edu.hk absent from the login website URL?
    • Contact ITSC if in doubt
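    The two link tests in the checklist (displayed URL versus real link target, and login address under https://xxx.cuhk.edu.hk) can be automated. The code below is an added example, not code from the ITSC page; it assumes cuhk.edu.hk is the only trusted domain, that every link in the message is held to the login-URL rule, and it runs over a constructed HTML body.

```python
# Added example (not from the ITSC page): checks links in a constructed HTML email body.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "cuhk.edu.hk"  # domain named on the page; assumed the only trusted one

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' when it has none."""
    return (urlparse(url).hostname or "").lower()

def is_trusted_login_url(url):
    """Page rule: a login URL must use https and sit under xxx.cuhk.edu.hk."""
    host = host_of(url)
    return urlparse(url).scheme == "https" and (
        host == TRUSTED or host.endswith("." + TRUSTED))

def suspicious_links(html_body):
    """Return (href, reason) for each link that fails the page's checks."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        shown = re.search(r"https?://\S+", text)  # a URL printed as link text
        if shown and host_of(shown.group(0)) != host_of(href):
            findings.append((href, "displayed URL does not match link target"))
        elif not is_trusted_login_url(href):
            findings.append((href, "not an https://...cuhk.edu.hk address"))
    return findings

# Constructed sample, not a real message: one spoofed link, one genuine one.
SAMPLE = ('<p>Please <a href="http://cuhk-login.example.net/verify">'
          'https://www.cuhk.edu.hk/itsc</a> within 24 hours, or visit the '
          '<a href="https://www.itsc.cuhk.edu.hk/">ITSC homepage</a>.</p>')
```

    Running suspicious_links(SAMPLE) flags only the first link, whose visible text shows a cuhk.edu.hk address while its real target is elsewhere.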

    The embedded link in the email does not match the legitimate one (see the fake website example)

    A typical phishing email requesting you to activate your account (see the phishing example)

    2. Actions When Receiving a Suspicious Email Asking for Account Information

    If you have received a suspicious or strange e-mail asking for your account information, you should:

    • NEVER reply to the e-mail or click any link or open attachment in the e-mail.
    • Check whether it is a reported case on the ITSC homepage
      • If it is listed on the page, delete the e-mail at once.
      • If it is a new case, report it to your LAN administrator or to ITSC (by e-mail or through the ITSC Service Desk) with the original email attached.

        To attach the original email, follow the steps below:
        • In Microsoft Outlook, right-click the email and click "Copy".

        • Create a new email, right-click in the composing area and then click "Paste".

    3. Actions If You Supplied Your Password to a Phishing Email / Website

    If you have received such an e-mail and supplied your password, take the following measures immediately:

    1. Reset your OnePass password IMMEDIATELY with a strong password, on a virus-free and fully patched machine.

    You can use either of the methods stated on the ITSC homepage to change your password. Remember that the change must be done on a virus-free and fully patched machine.

    Recommendations for a Strong Password

    1. Use passwords of at least eight characters composed of random letters, digits and symbols
    2. Use a different password for each system
    3. Never use dictionary words or personal information such as your name, dates, telephone number, HKID or user ID

    2. Perform a system health check.

    1. Scan your machine using Kaspersky anti-virus and/or malicious code detection software with the most up-to-date signatures.
    2. Apply the latest security patches to your machine.
    3. [Office PC/notebook] Staff users, please contact your department IT support to carry out a system health check on your machine.
    4. [Highly Recommended] Reinstall the PC/notebook, as the phishing website may have embedded malware.

    3. Check whether your mail has been forwarded to another account.

    Log into your Office 365 Mail/@Link, check for any email forwarding settings that were set up without your knowledge, and stop them.

    4. Check whether new rules have been set up in your Inbox.

    Log into your Office 365 Mail/@Link, check for any new Inbox rules that were set up without your knowledge, and remove them.

    5. Check whether other identities were added to your CUHK Webmail.

    This applies to Department/Project Accounts that have not switched to Office 365. Log into CUHK Webmail > Options > Personal Information. The attacker may have added identities to your webmail account, so follow the attached steps to make sure no new identities were added.

    4. Preventive Measures

    These phishing e-mails and websites are designed to look like the real ones. Fraudulent bank websites, for example, are hosted to lure you into giving away your account information. The most common approach is through e-mail and pop-up instant messages, in which "banks" or "distant relatives" ask for the user's personal information and password.

    Here are some guidelines to avoid falling victim to phishing scams:

    DOs

    • Remember that legitimate companies will never ask their clients to send sensitive information online. If you are unsure, phone the company to verify whether it sent the e-mail.
    • Type the actual URL (if it is safe to visit) yourself instead of clicking the link inside the e-mail. Scammers may send you a URL that looks proper but secretly links to a fake website.
    • Lock your computers and mobile phones in case they fall into the wrong hands
    • Change your passwords regularly

    DON'Ts

    • Open any e-mails or follow any URL links from unverified sources.
    • Open attachments from unknown e-mails, as they may contain computer Trojans (a type of malware) that record your keystrokes when you enter your passwords and spy on your computer data without your knowledge.
    • Keep sensitive information such as ID-card numbers, credit card details, driver's licences or passwords saved on your computer. This makes you particularly vulnerable to phishing.

    Reference:

    Protect Against Phishing Attacks (The Government of the Hong Kong SAR)
    http://www.infosec.gov.hk/english/anti/protect_gen.html