Although the Central IT will try their very best to prevent malicious email from reaching our users, phishing email is hard to detect and you may still receive suspicious email (phishing email) claiming to be from "Admin", "IT Support", "Email Administrator", " IT Service Desk", etc. telling you that your computer account has problem/will expire/exceeds quota/needs to upgrade, etc. and requiring you (i) to reply to the email with your account password/personal details, or (ii) to verify your identity by clicking on a URL to a webpage, and then input your account password/personal details, or (iii) to lure you to open a file attached which results in a computer virus or spyware being installed on your computer to steal information or to launch attacks to other computers.
Some phishing email even fakes the identity of CityU’s Central IT, e.g. from Computing Services Centre (CSC), or the look of the login/verification webpages. To assist you to verify genuine email sent from the Central IT which is related to password matters for your CityU computer account(s), a personalized list of such email (if any) sent to you within the last 30 days is listed in a box at https://wikisites.cityu.edu.hk/sites/verifyemail. If the box is empty, meaning that no such email has been sent to you from the Central IT, and if you have received one claiming to be from the Central IT (i.e. the OCIO, the ESU or the CSC), it is likely to be fake and please: (i) do not provide your account password/personal details; (ii) do not reply to the email; (iii) do not click any URL in the email; (iv) do not click and open any file attachment; (v) report it immediately to the CSC Service Desk at 3442 8340 or forward it (with full email header) to firstname.lastname@example.org, and then (vi) delete the email.
Except for forwarding the suspicious email to email@example.com, please do not forward it to other colleagues.
The rule of thumb to safeguard your computer accounts from hackers is to always access the option for changing password on the CityU Portal from the CityU Homepage, and not from any unknown email or URL remembered in browser's favorite list of unknown computers.
Be a smart email user, and please find below more hints on identifying fake email and URL.
The Central IT use their office email accounts to issue email (except for reminder/acknowledgement email that is auto-generated by systems which are un-monitored email aliases):
If you received an email from a sender "Computing Services Centre" but the email address is, for example, <firstname.lastname@example.org>, it is definitely a fake email. In most email clients, right-mouse click on the sender's email address will reveal the full email address of the sender (for more details, please visit "How can I display FULL HEADERS of incoming messages?"
Please note that reminder/acknowledgement email, same as other email from the Central IT, will not ask you to provide your account password by replying to the email or clicking on an URL within the email; instead, steps to navigate to the option, e.g. for accessing the option for changing account password on the CityU Portal via the CityU Homepage, will be provided because the CityU Homepage and the CityU Portal are websites that you are familiar with.
Phishing email may also be sent from people you know since their email accounts or their computers/mobile devices might have been hacked and used for sending phishing email, so please watch out for email from email acquaintances, however, with unusual content.
MS Internet Explorer
Safari for MacOS