Beware of Spoof Emails or Phishing

It is a common trick used by spammers and malicious advertisers to use a fake identity as the sender (either a real or non-exist email address) of their spam messages or messages with viral attachments. Even worse, identity thieves will try to lure you into surrendering personal information by falsely claiming to be an established legitimate enterprise in their phishing messages. It may also divert you to a fake website which looks identical to the genuine one. If you suspect that you have received a phishing email, do not respond to it or click on the links. You may refer to How to spot a phishing email in order to verify if the email is a phishing email.

Try to Recognize the Genuine Sender

Sometimes it is difficult to recognize if an email is coming from the genuine sender by looking at the “from address” or the message context. Try to ask for additional confirmation from the counterpart if there is any doubt.Another better way is to use the digital signature technology. Namely, people can digitally sign their outgoing emails such that recipients would have confidence that the messages are actually coming from them. A digital signature technology based on digital certificate (i.e. e-Cert) has been introduced to the campus users for nearly a decade and now all members of the University can use their e-Cert to digitally sign their outgoing messages. By looking for the “Signed” message (message with the verified icon in HKUST WebMail or the signed icon in Microsoft Outlook), you can assure sender’s identity easily.

Don’t Open Unexpected Attachments

Viruses are often sent via email attachments. Our email firewall scans incoming email and blocks known viruses. However, new viruses may get through before the up-to-date virus signatures are available (just like they get through your workstation’s anti-virus software when new virus signatures are not yet available). Besides, neither ITSC nor software vendors like Microsoft will send system patches as e-mail attachments. Instead, they will ask users to download the required software from their web sites. As a rule of thumb, do not open an attachment unless you are expecting it.

Don’t Send Sensitive Personal or Financial Information in Email

When you send a message, you no longer have control over what is done with it or to whom it is forwarded. Do not send sensitive data in email as it is unsafe.

Avoid Clicking on links in the body of an Email Message

While these links may not be a phishing attempt, they may not go to the site you intend. Unless you are completely comfortable that the email is legitimate, it is best to copy and paste the link or type it in directly in your browser. Check whether the spelling of site is correct or not e.g. microsoft.com vs micosoft.com

You can check the URL in any email or on another Web site by simply holding your mouse above the link. The URL will appear in your browser or status bar (the bar that is usually at the bottom of your screen) and you can see what the name of the site is before you actually click on it.

Change your ITSC Network Password Periodically

For security reason, users are advised to change their ITSC Network Password periodically.