It is a common trick used by spammers and malicious advertisers to use a fake identity as the sender (either a real or non-exist email address) of their spam messages or messages with viral attachments. Even worse, identity thieves will try to lure you into surrendering personal information by falsely claiming to be an established legitimate enterprise in their phishing messages. It may also divert you to a fake website which looks identical to the genuine one.
If you suspect that you have received a phishing email, do not respond to it or click on the links.
Sometimes it is difficult to recognize if an email is coming from the genuine sender by looking at the "from address" or the message context. Try to ask for additional confirmation from the counterpart if there is any doubt.
Another better way is to use the digital signature technology. Namely,
people can digitally sign their outgoing emails such that recipients would
have confidence that the messages are actually coming from them. A digital
signature technology based on digital certificate (i.e. e-Cert) has been
introduced to the campus users for nearly a decade and now all members of
the University can use their e-Cert to digitally sign their outgoing messages.
By looking for the "Signed"
message (message with the verified 
icon in HKUST WebMail or the
signed
icon in Microsoft Outlook), you can assure sender's identity easily.
Viruses are often sent via email attachments. Our email firewall scans
incoming email and blocks known viruses. However, new viruses may get through
before the up-to-date virus signatures are available (just like they get
through your workstation's anti-virus software when new virus signatures
are not yet available).
Besides, neither ITSC nor software vendors like Microsoft will send system
patches as e-mail attachments. Instead, they will ask users to download
the required software from their web sites. As a rule of thumb, do not open
an attachment unless you are expecting it.
Our Spam Detection Service helps user to get rid of unsolicited email or spam. If you using the HKUST iMail service, you can enable spam detection from the HKUST iMail Personal Settings.
Don't Send Sensitive Personal or Financial Information in Email
When you send a message, you no longer have control over what is done with
it or to whom it is forwarded. Do not send sensitive data in email as it
is unsafe.
While these links may not be a phishing attempt, they may not go to the site you intend. Unless you are completely comfortable that the email is legitimate, it is best to copy and paste the link or type it in directly in your browser.
For security reason, users are advised to change their ITSC Network Password periodically.