Phishing e-mails are fraudulent e-mails that look like genuine requests for user information, including your personal or CWEM account information. Recently, some phishing e-mails appearing to originate from ITSC or CUHK have been sent to CUHK users, requesting users' CWEM or other personal information, with a subject like "Upgrade", "Update your CUHK Email Account" or "CONFIRM YOUR EMAIL IS ACTIVE AND IN USE". However, ITSC and CUHK never ask users for such information via e-mail. If you see those e-mails, remember not to reply or send any information to the senders, and not to click on any hyperlinks in those e-mails or on those websites, until the authenticity of the e-mails or websites is verified.
Verify the e-mails
When you receive a suspicious and strange e-mail asking for your account information, you should:
- NEVER reply to the e-mail or click any hyperlink in the e-mail.
- Check whether it is a reported case on the ITSC page on Phishing: http://www.cuhk.edu.hk/itsc/network/app/email/phishing.html
  - If it is listed on the page, delete the e-mail at once.
  - If it is a new case, report to your LAN administrator or ITSC at infosec@cuhk.edu.hk.
Identify a legitimate website
The use of a digital certificate on the CWEM login webpage is one of the measures to ensure that you are visiting a legitimate CUHK website. It also helps ensure the safe and secure flow of information. You can identify a legitimate CWEM login webpage by checking the certificate installed on it. Please refer to the procedures published at http://www.cuhk.edu.hk/ca/faq.html#cuhksite.
Immediate Actions if information is provided
Your CWEM password has become more important than ever as it is widely used for authentication in CUHK web services. This means that your CWEM password is used not only for checking e-mails, but also for registering courses and checking examination results (for students), etc. Staff members also use the password to access self-service functionalities.
It is therefore VERY IMPORTANT that your password is not disclosed to anybody. Accidentally providing your e-mail account information could also have a HIGH impact on the CUHK e-mail service and all CWEM users. This is because, after collecting your information, hackers are able to use your personal e-mail account to send out spam in abundance. Some popular e-mail service providers, e.g. Windows Live Hotmail and Yahoo! Mail, will then blacklist our e-mail system in order to protect their users. The whole CUHK e-mail service would therefore be affected, as CUHK e-mails would not reach mailboxes at those popular e-mail service providers. Hackers may also do other harmful things using your e-mail account.
Remedies
If you have responded to those phishing e-mails and disclosed your CUHK e-mail password, please change your password IMMEDIATELY and inform ITSC at infosec@cuhk.edu.hk.
Please visit http://www.cuhk.edu.hk/itsc/network/app/email/phishing.html for further information.