Phishing is a type of social engineering attacks commonly used to steal users' personal data, such as login credentials, credit card information, and phone numbers. Phishers typically pose as a trusted entity and deceive a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a phishing link, which may redirect them to a login page designed to steal their login information, or expose them to malware as part of a ransomware attack.
Security Tips for spotting a phishing email
(1) Think twice before clicking any link or inputting personal information
Always scrutinize the website to which you are being directed. Phishing emails invariably lead you to counterfeit websites where you will be prompted to log in or provide your personal information.
An example of a phishing email asking to enter your personal information
(2) Examine the sender's address carefully
Spoofing the sender's display name is a common phishing tactic. You can examine the sender's email address by clicking on the display name. If the sender's email address appears suspicious, refrain from clicking on any links or opening any attachments within the email.
An example of a suspicious sender address that does not match the display name
(3) Beware of the subject line requesting urgent action
Phishing attacks often prey on people's emotions. Malicious emails typically use urgent requests to trick victims into clicking embedded links. Here are some examples of subject lines to be cautious of:
- Urgent Action Required
- [Urgent] Your Account Will Be Deactivated After 24 Hours
- Immediate Password Change Required
- Urgent - Need Your Help!
(4) Spelling and grammatical errors spotted in message text
A spam filter is an email security solution that scans for keywords and phrases commonly found in phishing emails. To circumvent the security checks of the spam filter, phishers may intentionally misspell certain words. If you notice misspelled words or an email marked as 'Spam', exercise extra caution.
Example of a phishing email marked as ‘Spam’
Once you have spotted a phishing email, please report it to the IT HelpCentre so that the IT Security Team can analyze the attack pattern and take necessary actions.
If you need further information or assistance, please reach out to us via the IT Online ServiceDesk, or contact the IT HelpCentre (Tel: 2766 5900, WhatsApp/WeChat: 6577 9669).
