Beware of Phishing/Fraudulent/Fake Email
By John Chan
You may have received email that appears to come from the "support", "service", "network/email/web administrator", etc. of the University, asking you to provide your account password either by replying to the email or by clicking a link in the email to open a web page and entering your password there. An example of such email is attached at the end of this article for your reference.

Please note that our administrators and support staff have NEVER asked and will NEVER ask users to provide their password via email. Such messages are therefore fraudulent or phishing email (also called email scams) with the sender address faked by the actual sender (which may be a computer virus). They did NOT originate from the University central email system at all, and in most cases they originated from outside the CityU network.

You are advised to DELETE such email (or email in a similar style) immediately when it is received. DON'T reply to the email or click on any link contained in the message.

If you have unfortunately already responded to this kind of email, please change your password immediately. The password change option is available within the University e-Portal and on the Email Service home page.

Phishing email spreads over the Internet from time to time. It is in fact a kind of spam/junk mail and might be tagged with a high "Spam-level" by the anti-spam software running on our incoming email gateway, i.e. such email has a high probability of being spam. The email could have been filtered out before reaching your Inbox if you had enabled Spam Auto-filtering, one of the functions provided in the Junk Mail Filters, for your account. You are strongly recommended to enable it if you have not already done so. Please refer to the Email FAQ page "How to Enable Spam Auto-Filtering?" for the detailed procedure.

Please also visit here for related information.
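The warning signs described above can also be checked mechanically. The following Python sketch is an added example, not part of the original article or of the University's mail filtering: the function name, the regular expressions and the sample messages are constructed for illustration, with the sample modelled on the example message reproduced at the end of this article.

```python
import re
from email import message_from_string
from email.utils import parseaddr

UNIVERSITY_DOMAIN = "cityu.edu.hk"  # domain the forged sender claims to use

# Hypothetical heuristics, derived from the traits of the example message.
ASKS_FOR_PASSWORD = re.compile(r"\bpassword\b", re.I)
SOLICITS_INPUT = re.compile(r"\b(reply|enter|provide|update|verif\w+)\b", re.I)
THREATENS_ACCOUNT = re.compile(r"\b(deactivat\w+|suspend\w+|terminat\w+)\b", re.I)

def phishing_indicators(raw_message: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    # Collect every plain-text part, decoding base64/quoted-printable bodies.
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    findings = []
    asks = bool(ASKS_FOR_PASSWORD.search(body) and SOLICITS_INPUT.search(body))
    if asks:
        findings.append("asks for account password")
    # The From header is trivially forged, so a University address that asks
    # for a password is itself a red flag: staff never request one by email.
    _, sender = parseaddr(msg.get("From", ""))
    if asks and sender.lower().endswith("@" + UNIVERSITY_DOMAIN):
        findings.append("claims University sender while requesting a password")
    if "undisclosed" in msg.get("To", "").lower():
        findings.append("sent to undisclosed recipients")
    if THREATENS_ACCOUNT.search(body):
        findings.append("threatens account deactivation")
    return findings

# Constructed sample, abbreviated from the example at the end of the article.
SAMPLE = """\
From: Cityu Support Team <support@cityu.edu.hk>
To: Undisclosed recipients:
Subject: Account Update

To complete your account verification, you must reply to
this email immediately and enter your account details below.
Username: (**************)
password: (**************)
Failure to do this will immediately render your account deactivated
from our database.
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print("WARNING:", finding)
```

These checks are keyword heuristics only and complement, rather than replace, the Spam Auto-filtering on the email gateway.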
________________________________________
Example of a fraudulent (phishing) email
From: Cityu Support Team <support@cityu.edu.hk>
Sent: Thursday, May 29, 2008 12:10 PM
To: Undisclosed recipients:
Subject: Account Update
Dear User,
We wrote to you on 28th April 2008 advising that you change
the password on your account in order to prevent any unauthorised
account access following the network intrusion we previously
communicated.
we have found the vulnerability that caused this issue,
and have instigated a system wide security audit to improve
and enhance our current security, in order to continue using
our services you are require to update you account details
below.
To complete your account verification, you must reply to
this email immediately and enter your account details below.
Username: (**************)
password: (**************)
Failure to do this will immediately render your account deactivated
from our database.
We apologise for the inconvenience that this will cause
you during this period, but trust you understand that our
primary concern is for our customers and for the security
of their data.
our customers are totally secure
Cityu Support Team