- What is Information Security?
- Beware of Phishing Email
- Upcoming Information Security Awareness Activities
The tremendous growth in the use of the Internet, smartphones and cloud computing has brought us great convenience. However, it also creates a high risk of information leakage and other abuses of information security.
Information security means protecting information and information systems from unauthorized access in order to achieve CIA:
Confidentiality - protecting information from being disclosed to unauthorised parties.
Integrity - protecting information from being changed by unauthorised parties.
Availability - ensuring that information is available to authorised parties only when requested.
Among all information security abuse cases, phishing email is one of the major threats that may result in adverse impact on the overall security of the University’s IT environment.
Phishing emails are fake emails aimed at stealing personal or identity information. Successful phishing attempts can cause leakage of sensitive and confidential information, such as student and staff usernames and passwords. The stolen information can then be used to gain unauthorized access to the University's information systems, which can lead to serious security breaches.
A sample phishing email is appended below:
Attention HKU account holder,
This message is from the University of Hong Kong technical support center, we will be making some vital E-mail account maintenance to ensure that we provide high quality in Internet connectivity in the 2012 and fight spam and improve security, all Mail-hub systems will undergo regularly scheduled maintenance.
To confirm and to keep your account active during and after this process Kindly Click and fill the following information:
Web Services / Information Technology Department,
University of Hong Kong
Please DO NOT respond to this kind of email or disclose your personal or account information by replying to the spam or clicking any links in it. The Computer Centre will NOT send emails to our users asking for confidential information, such as account passwords, through email reply or validation through any web site. Please pay attention before you reply to any unknown email addresses, in particular those asking for your personal information.
If you have responded to such phishing emails and disclosed your email account information, please immediately change your email account password. For more information, please refer to http://www.its.hku.hk/account/password.htm.
To promote information security awareness among University members, a series of promotional activities will be arranged in the coming months, including awareness seminars, an exhibition and a video contest. Please stay tuned for details of the events.
Tel: 2859 2497