A number of phishing messages impersonated as sender of senior members of PolyU academic community and requested message recipients for urgent help such as buying gift or money card and reverting the card number and user passcode. This type of phishing attack normally displays the name of a staff member as the sender but the real sending address is from an external source.
Effective from 19 September 2022, all incoming emails detected to be sent from external sources will be tagged with a reminder “CAUTION: This message is from an EXTERNAL server” "CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.” (revised on 8 Nov 2022)
Users should take cautious step to verify with the staff member directly if that staff member’s name was displayed as the sender of the incoming message but tagged with an external source reminder.
For further information or enquiries on cyber security, please contact the IT HelpCentre (Tel: 2766 5900, WhatsApp/WeChat: 6577 9669).
