Beware of Phishing/Fraudulent/Fake Email

by John Chan

You may have experience in receiving email that looks like being sent from the "support", "service", "network/email/web administrator"... etc. of the University, and you were asked to provide your account password by either replying to the email, or clicking a link in the email to access a web page and filling in your password there. An example of such email is attached at the end of this article for your reference.

please note that our administrators or support staff have NEVER asked and will NEVER ask users to provide password via email. Therefore, these kinds of email in fact were fraudulent or phishing email (also called email scams) with sender address faked by the actual sender (may be a computer virus). They were NOT originated from the University central email system at all, and in most cases they were originated from outside of CityU network.

You are advised to DELETE such email (or email in similar style) immediately when it is received. DON'T reply to the email or click on any link contained in the message.

If unfortunately you have already responded to this kind of email, please change your password immediately. Password change option is available within the University e-Portal and in the Email Service home page.

Phishing email spreads over the Internet from time to time. It is in fact a kind of spam/junk mail and might be tagged with high "Spam-level" by anti-spamming software running on our incoming email gateway, i.e. such email has high probability of being spam. The email could have been filtered from delivering to your Inbox if you have enabled the Spam Auto-filtering - one of the functions that are provided in the Junk Mail Filters - for your account. You are strongly recommended to enable it if you have not already done so. Please refer to the Email FAQ page "How to Enable Spam Auto-Filtering?" for the detailed procedure. Please also visit here for relating information. 

Example of a fraudulent (phishing) email


From: Cityu Support Team <>
Sent: Thursday, May 29, 2008 12:10 PM
To: Undisclosed recipients:
Subject: Account Update

Dear User,

We wrote to you on 28th April 2008 advising that you change the password on your account in order to prevent any unauthorised account access following the network intrusion we previously communicated.

we have found the vulnerability that caused this issue, and have instigated a system wide security audit to improve and enhance our current security, in order to continue using our services you are require to update you account details below.

To complete your account verification, you must reply to this email immediately and enter your account details below.

Username: (**************)
password: (**************)

Failure to do this will immediately render your account deactivated from our database.

We apologise for the inconvenience that this will cause you during this period, but trust you understand that our primary concern is for our customers and for the security of their data.
our customers are totally secure

Cityu Support Team