Over the past few weeks, a large number of phishing/spam emails have been sent to the HKU mailboxes of staff and students. These emails came in different forms, and some of them pretended to be sent by HKU. We are taking this opportunity to remind University members to stay alert on receipt of any suspicious emails, which may be forged in order to steal personal information.
Characteristics of phishing/spam email
The common characteristics of a phishing/spam email include:
- Contains deceptive subject lines
- Message content sounds interesting
- Appears to come from a legitimate organization (e.g., HKU, banks, government, online merchants)
- Includes hyperlink(s) which appear to point to a legitimate organization’s website
- Includes threats such as “if you do not fill in your information, we will block your account”
- Contains forms requesting personal information
- Contains attachments such as PDFs or Word documents that will download and install malware on the computer if activated
No credential information requested through email
ITS will not ask for account credentials through email. The most common type of phishing email “threatens” users of the HKU Portal account with account deactivation if the user name and password are not provided through a link in the email. If you ever respond to a message of this kind, it is important to reset your account password as soon as possible.
Ways to prevent phishing/spam
- Be suspicious of emails with urgent requests for personal information
- Do not give out personal information upon email request
- Inspect the web address embedded in emails carefully
- Do not open unexpected email attachments or instant messaging download links
- Enable the anti-phishing features of your web browser
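The advice to inspect embedded web addresses can be automated for HTML messages. The following is an added example, not part of the original notice: it flags links whose visible text names a trusted host while the real target is a different host. The trusted suffix `hku.hk`, the function names and the sample links are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domain suffixes the reader treats as genuinely the organization's.
TRUSTED_SUFFIXES = ("hku.hk",)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Match the suffix on a label boundary so "nothku.hk" does not pass.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(html_body):
    """Return (visible text, actual host) for links that show a trusted
    host in their text but point somewhere else."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and relative links are out of scope here
        target = parts.hostname or ""
        shown = re.findall(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
        if any(is_trusted(h) for h in shown) and not is_trusted(target):
            findings.append((text, target))
    return findings

# Constructed sample body (not a real message): two deceptive links, one genuine.
SAMPLE = (
    '<a href="http://portal-hku.example.net/login">https://www.its.hku.hk/verify</a>'
    '<a href="http://www.its.hku.hk/spam-report">http://www.its.hku.hk/spam-report</a>'
    '<a href="http://www.its.hku.hk.example.org/reset">www.its.hku.hk</a>'
)
```

The third sample link shows why the whole host name must be read from right to left: the trusted name appears at the start of the host, but the registered domain is the part at the end.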
You can find the latest phishing/spam email information reported by HKU members at http://www.its.hku.hk/spam-report. Information Security newsletters and presentations, which provide useful information and tips on how to protect against cyber-attacks, are also available at http://www.its.hku.hk/services/infosec/awareness/infosec/newsletters-presentations.
Please remember that ITS will never ask for your HKU account PIN/password. If you are in doubt about any email sent by the University or ITS, please send it to email@example.com for verification before responding. To report a phishing/spam email, please send the email, with the email header, to firstname.lastname@example.org.
Information Security Team
Tel: 3917 5952