How to identify phishing email

How to identify phishing email

Information Security Unit (ISU) of OCIO will irregularly send simulated phishing email within our organization. Those campaigns aimed to test our overall security awareness and identify areas where we can improve our cybersecurity measures.

We want to emphasize that this campaign was not meant to single out individuals or departments but rather to raise awareness about the importance of staying vigilant and cautious regarding online security. We encourage all employees to remain vigilant and immediately report any suspicious emails or activity to our IT department.


How to identify phishing email:


Common characteristics of phishing emails to deceive people include:

  • Urgency for a demand or request (e.g. change of password, sending gift cards)
  • Attractive or interesting content (e.g. COVID-19 themes including testing information and the new variant, free gifts and promotion, sensitive documents)
  • Disguising as a legitimate or trustworthy entity (e.g. CityU departments, Banks)
  • Contains deceitful website links or attachments
  • Asking for credentials, personal information or financial needs



How to handle suspicious emails:

  • Check the sender address if it is legitimate, especially if it is from an external party, contact the claimed sender in another channel (e.g. phone call) for verification if necessary
  • Approach any website links and attachments with caution, do not click or open it unless you are certain it is safe
  • Do not provide or enter any login credential, personal and financial information
  • Do not trust offers that seem too good or unrealistic demands or request
  • Please do not forward it to other colleagues. Report suspicious email to and then delete it
  • Make use of “Report Spam” function to report spam to Central IT.


For further information, you may visit the following pages:


Central IT will continue to improve and enhance our email security to safeguard CityU members.