ITSC has received few user queries about different kinds of fake messages appear to come from "HKUST" asking for their username and password or click on some malicious link.
Users should never disclose their passwords to any third parties. ITSC would never ask our users for such information by email, phone or in person. Never reveal your Password to anyone (No staff will ever ask for your password), e.g. If you receive anomalous email asking for sensitive account or personal information, you must not disclose. You should report to us immediately if in doubt. Besides, do not click on the link in the email as it links to malicious web site.
In case if you have replied to the phishing email, please reset your password at once and report to us immediately. Users are advised to turn on the Spam Detection Service in order to get rid of these annoying spam messages.
Below are samples of recent phishing emails. You may also refer to the other phishing samples for more information.
---------------------------- Sample 1 ---------------------------------- Subject: HKUST Webmail Alert From: ITSC Help Desk (helpdesk@ust.hk) Attention: Faculty/Staff/Students, This message is from the Office of Information Technology Services Center (ITSC) Help Desk at The Hong Kong University of Science& Technology to all Faculty, Staff and Students using the HKUST Webmail accounts. We noticed that the HKUST Webmail accounts have been compromised by spammers. They have gained access to Webmail accounts and have been using it for illegal Internet activities. ITSC Help Desk is currently performing maintenance and upgrading its database. We intend upgrading our Email Security Server for better on-line services. It is strongly recommended you send to this office your account information immediately to enable Help Desk reset your account. You will be sent a new confirmation alphanumerical password. Please provide the following information- *ITSC Network Account: *Password: *Alternate email: In order to ensure you do not experience service interruptions, please reply this email immediately and provide the information above to prevent your account from being deactivated from our database. Thank you for using our on-line services. Network/Systems Administrator. ---------------------------- Sample 2 ---------------------------------- Subject: Update Your UST Webmail From: Information Systems Office (issupprt@ust.hk) Dear Webmail user, We are currently engaged in webmail maintenance service. As ust webmail user, you are required to confirm your continued usage of your Webmail. Failure to confirm your ust webmail will lead to service suspension. Click on the link below and fill the Help form to confirm your ust webmail account. http://www.girlsontherun-ga.org/forms/use/suform/form1.html Thank you, Information Systems Office, The Hong Kong University of Science & Technology ---------------------------- Sample 3 ---------------------------------- Subject: Dear Hong Kong University of Science & Technology Webmail User From:"The Hong Kong University of Science & Technology" (systems@ust.hk) This is to complete your account verification process of the past year for the maintenance of your Webmail account. You are required to respond to this message and enter your ID and PASSWORD in the space below. You should do so before the next 48 hours of receipt of this email, or your account will be deactivated and deleted from our database. Full Name: Webmail User ID: Webmail Password: Confirm Password: Date Of Birth: Your account can also be monitored : https://sqmail.ust.hk/src/login.php © 2011. The Hong Kong University of Science & Technology. -------------------------------------------------------------------------As a general practice, user should not disclose personal information, such as password, credit card numbers, etc to others.
For more information, please refer to our security tips at:
ITSC