Cyber criminals send email scams by claiming to be someone you know (e.g. your department head, senior executive). They usually use non-HKUST email addresses with Display Names same as the persons you know (e.g. John Chan <johnchan.ust.hk @outlook.com>), and try to trick you into purchasing stored-value gift cards (e.g. iTunes) and sending the redemption details to them to benefit. An example can be found here.
Such email scams have also been reported in many local and overseas universities. Apple also issued a webpage to warn users about similar email scams. For more information, please seen the Learn More... section below.
How to Spot Email Scams
- Always check the sender email address before replying. They can easily change the Display Name in the email to pretend to be someone you know. Details can be found here.
- When you reply an email, check the email address at the TO field AGAIN. The email address shown will ALWAYS reveal the true recipient of your reply.
- Sophisticated Cybercriminals would use advanced technique to spoof email sender address to make you difficult to find the real sender. Microsoft Outlook (desktop client only) provides an anti-spoofing features for detecting it. More information can be found here.
- Contact the sender to verify the authenticity of the message INSTEAD OF pressing "reply button", i.e. send an email to him/her by typing the email address again, or verify by whatsapp or phone call.
- Stay vigilant when money is involved - always be alert when you are asked to provide monetary assistance.
- News related to Email scams
- University of North Texas - https://www.unthsc.edu/daily-news/are-you-available-beware-of-email-fraud-attempts-2/
- Apple - https://support.apple.com/en-hk/itunes-gift-card-scams
- HKU - https://www.its.hku.hk/spam-report/20190904-wednesday-reply
- CityU - https://www.cityu.edu.hk/csc/deptweb/support/faq/email/phishing/phishing143.htm
- University of Minnesota - http://phishing.it.umn.edu/2018/11/advisory-boss-needs-itunes-gift-cards.html
- University of Massachusetts Amherst - https://www.umass.edu/it/news/20190803/securityalertnewphishingscamtargetsumassamherstcommunitysat83
- Anti-spoofing Features in Outlook
- Tips to Avoid Email Phishing
- Examples of Phishing Emails
- Phishing Email Training Videos