FAQ on Phishing Email
Q1. What should I do if I receive a suspicous Phishing email (fake email)?

You have good reasons to suspect an email if it is not signed (carrying the  icon in Microsoft Outlook or Outlook Web App), with unfamiliar sender identity or threat message that your account will be deleted if you do not respond. You may just delete or ignore these messages.

If you suspect that an email you received is a phishing attempt:

  • Do not open it.
  • Delete it immediately.
  • Do not download any attachments.
  • Never click links that appear in the message.
  • Do not reply to the sender.

You may also check on the page Phishing Examples to verify if they are known phishing (faked) email. If you have any doubt, please check with ITSC or refer to our web page Spotting a Phishing Email for more information.

Q2. What should I do if I have clicked on a suspcious link and entered my account password?

If you have entered you account/password on any fake sites, please perform the following:

  1. Change your ITSC Network Password immediately. If you are a @connect user, you may also using the Forget Password in case you cannot logon to any ITSC sites.
  2. Check your email forwarding setting as spammers might try to set forward your emails to other email address (email address not owned by you).

If you believe you might have revealed sensitive information about HKUST or personal information, report the matter to security@ust.hk as soon as possible to alert ITSC to look for suspicious or unusual activity.

If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplained expenditure in your account.

Q3. What will ITSC do with those phishing email?

ITSC will block (sample page) the links in the phishing email from our network border if they are malicious. Users within campus will not be able to access the phishing web site. However, users can still access to the malicious website if you are outside campus or using your mobile phone. Never click on the links if they look suspicious.

Sample of the phishing emails will also be announced on our Phishing Example web page to alert all of our users.

Besides, ITSC will also report the Phishing web site to Google as soon as possible for safe browsing.

Please refer to our site Email Phishing and Social Engineering for more information.

Q4. Is there any awareness training concerning phishing email to HKUST users?

Yes. ITSC has a web site about "Email Phishing".

Please also refer to our Phishing Email Training Video.