FAQ on Phishing Email
Q1. What should I do if I receive a phishing or spam email?

If you think you have received a phishing or spam email, do not click on the links or buttons in the email. Do not download or open any attachments in the email and do not reply to the sender. If you are in doubt, you may contact the sender or the organization using trusted contact information (e.g. phone number or an official email address) to verify the email.

Instead of just deleting the email, you may report the phishing or spam email to Microsoft to help enhance its detection algorithms. Please refer to this webpage for details.

If you have any doubt, please check with ITSO or refer to our web page Spotting a Phishing Email for more information.

Q2. What should I do if I have clicked on a suspicious link and entered my account password?

If you have entered your account/password on any fake sites, please perform the following:

  1. Change your ITSO Network Password immediately. If you are a @connect user, you may also use Forget Password in case you cannot log on to any ITSO sites.
  2. Check your email forwarding settings, as spammers might try to forward your emails to another email address (one not owned by you).

If you believe you might have revealed sensitive information about HKUST or personal information, report the matter to security@ust.hk as soon as possible to alert ITSO to look for suspicious or unusual activity.

If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplained expenditure in your account.

Q3. What will ITSO do with those phishing emails?

ITSO will block (sample page) the links in the phishing email at our network border if they are malicious. Users within campus will not be able to access the phishing web site. However, users can still access the malicious website if they are outside campus or using a mobile phone. Never click on the links if they look suspicious.

Samples of the phishing emails will also be announced on our Phishing Example web page to alert all of our users.

In addition, ITSO will report the phishing web site to Google as soon as possible for safe browsing.

Please refer to our site Email Phishing and Social Engineering for more information.

Q4. Is there any awareness training on phishing email for HKUST users?

Yes. ITSO has a web site about "Email Phishing".

Please also refer to our Phishing Email Training Video.