Cybersecurity Alert : Email Scams Cheating You Money
ITSC has recently received a few reports of email scams with senders claiming to be a senior executive of the university (e.g. your department head). The scammers, who usually use non-HKUST email address but with Display names same as the person you know (e.g. <Professor Chan Tai Man> email@example.com). They usually try to induce you to start an email conversation, and then trick you into purchasing stored-value gift cards (e.g. iTunes) and sending the redemption details to them to benefit. An example can be found here.
Such email scams have also been reported in some universities of Hong Kong and Overseas. Apple also issued a webpage to warn users about similar email scams. For more information, please visit
- Apple - https://support.apple.com/en-hk/itunes-gift-card-scams
- HKU - https://www.its.hku.hk/spam-report/20190904-wednesday-reply
- University of North Texas - https://www.unthsc.edu/daily-news/are-you-available-beware-of-email-fraud-attempts-2/
- University of Minnesota - http://phishing.it.umn.edu/2018/11/advisory-boss-needs-itunes-gift-cards.html
We would like to remind all UST members to take the following steps to protect yourselves against common email fraud.
- Check carefully the email and sender’s email address (not the Display name), and make sure you really know the sender’s identity before doing what you are asked to do
- Try to contact the sender in another way (e.g. phone, official email addresses, instant messaging) to verify his/her request
- Be vigilant about the requests. It is uncommon that your senior need to request you for financial assistance via email
More details about protecting yourself against social engineering attack and email phishing can be found below.
Should you require any assistance or have any enquiries, please feel free to contact ITSC Service Desk (Tel: 2358-6200) or email to firstname.lastname@example.org.
IT Security Officer