Phishing Alert

Be Alert to Phishing Emails at All Times!

Phishing is an online scam where hackers impersonate trusted individuals, such as colleagues, friends, or family members, to trick you into providing sensitive information. This is often done through hyperlinks that direct you to fake websites or by prompting you to download malware that can infect your computer with Trojans or backdoor viruses.

What is Phishing?

Phishing is a type of online scam where criminals send emails that appear to come from trusted sources, such as colleagues, friends, or family members, to steal your personal information. Typically, this is carried out by including a link that seems to direct you to a legitimate website to input your credentials. However, the website is a disguise, and any information you provide goes directly to the scammers.

What Are the Dangers of Phishing?

Phishing is one of the most dangerous forms of cybercrime because it is often undetectable by standard antivirus software. Once the attackers have your personal information, you may become a victim of identity theft, which can lead to financial instability, damage to your credit, or even exploitation for political purposes.

How to Identify a Phishing Email?

  1. Check the sender's email address. If it looks suspicious, don't open the email. Don't trust the display name, as phishing emails often use a forged name, such as a system administrator account or the company name.
  2. Check the recipient's address. If the email is sent to a large number of recipients across different departments, it may be a phishing email.
  3. Check the time the email was sent. If it is outside working hours, such as 3:00 am, you need to be vigilant about it.
  4. Check the email subject. Most phishing emails use "system administrator", "notification", "purchase order", "invoice", "conference schedule", "list of participants", "review of previous conferences", etc. as the subject.
  5. Be alert to emails that use generic greetings such as "Dear User" or "Dear Colleague". Also be alert to any email that creates a sense of emergency, for example, "Please be sure to complete it today". Most phishing emails attempt to create a sense of urgency, leading recipients to fear that their account is in jeopardy or that they will lose access to important information if they don't act immediately.
  6. Legitimate banks and most other companies will never ask for personal credentials via email. Don't give them up.
  7. Be aware of emails with spoofed links. Also look for URLs that include "&redirect"; an email containing one may be a phishing email. Be wary of the "Unsubscribe" button: some of them lead to more spam after clicking, or carry malicious code. You can block the spam sender's email address directly instead.
  8. Use caution when opening email attachments, even if they appear to be from someone you know. Scan the file using your antivirus program before opening it. Files such as Word, PDF, Excel, PPT, and RAR may be embedded with Trojans or spyware, and executable attachments with .exe and .bat suffixes are especially risky.
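
The machine-checkable items of the checklist above (1, 3, 4, 5, 7 and 8) can be applied to a message automatically. The following is an added example, not ITSO's own tooling; the function names, the trusted-name list, the working hours and the example.edu / example.net domains are assumptions.

```python
import html
import re
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

# Word lists follow the checklist above; names and working hours are assumptions.
TRUSTED_NAMES = ("administrator", "itso")
SUBJECT_WORDS = ("system administrator", "notification", "purchase order", "invoice")
GREETINGS = ("dear user", "dear colleague")
RISKY_EXT = (".exe", ".bat")
WORK_HOURS = range(8, 19)  # assumed 08:00-18:59 in the sender's time zone
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def triage(msg, org_domain):
    """Return the checklist items (by number) that an EmailMessage trips."""
    flags = []
    name, addr = parseaddr(str(msg["From"] or ""))
    if any(t in name.lower() for t in TRUSTED_NAMES) and not addr.lower().endswith("@" + org_domain):
        flags.append("1: trusted display name, external address " + addr)
    if msg["Date"] and parsedate_to_datetime(str(msg["Date"])).hour not in WORK_HOURS:
        flags.append("3: sent outside working hours")
    if any(w in str(msg["Subject"] or "").lower() for w in SUBJECT_WORDS):
        flags.append("4: common phishing subject")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    if any(g in body.lower() for g in GREETINGS):
        flags.append("5: generic greeting")
    for href, text in LINK.findall(body):
        href = html.unescape(href)  # "&amp;redirect" in HTML source means "&redirect"
        shown = re.search(r"https?://[^\s<]+", text)
        if "&redirect" in href.lower():
            flags.append("7: redirect parameter in link")
        if shown and urlparse(shown.group()).hostname != urlparse(href).hostname:
            flags.append("7: link text and target differ")
    for att in msg.iter_attachments():
        if (att.get_filename() or "").lower().endswith(RISKY_EXT):
            flags.append("8: executable attachment " + att.get_filename())
    return flags

def sample():  # constructed message for demonstration; every value is made up
    m = EmailMessage()
    m["From"] = '"System Administrator" <helpdesk@mail.example.net>'
    m["Date"] = "Tue, 05 Mar 2024 03:00:12 +0800"
    m["Subject"] = "Notification: mailbox upgrade"
    m.set_content('<p>Dear User,</p><a href="http://login.example.net/?a=1&redirect=x">'
                  "https://portal.example.edu/</a>", subtype="html")
    m.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="Upgrade.exe")
    return m
```

To check a saved message, load it with email.message_from_binary_file(f, policy=email.policy.default) and pass the result to triage() together with your organisation's mail domain. A flagged item is a reason to look closer, not proof of phishing.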

Do's to Prevent Phishing Emails

  1. Install antivirus software. Keep your software current and update the virus database regularly to enable the antivirus software to scan the email attachments.
  2. The login password should be kept confidential. Don't disclose your mailbox password to anyone. Don't post your login password on your desk or on a notepad where it is easy to find. The password should be changed regularly.
  3. The email account should be linked to your mobile phone. Bind the email account to your personal mobile phone number so that you can not only retrieve the password, but also receive the “off-site login reminder” message.
  4. Public and private mailboxes should be separated. Don't use your work mailbox to register on public service websites, and don't use it to send private mail.
  5. Important documents should be protected. Delete important emails that are no longer useful; back up important files to prevent losing them after an attack; send important emails or attachments encrypted, and do not attach the decryption password.

Don'ts to Prevent Phishing Emails

  1. Do not trust the "display name" of the sender. Because the display name can be set manually, please check the sender’s full email address.
  2. Don't click on links in an unfamiliar email. If there is a link address in the text, don't open it directly. A large number of phishing emails use short links (such as http://t.cn/zWU7f71) or text with links to confuse users. If the received mail is a notification email such as an email account upgrade or suspension, you should check carefully whether the link points to the official website. If not, it may be a phishing email.
  3. Don’t lower your guard, even when receiving emails from acquaintances. Attackers often compromise internal email accounts within an organization to send phishing emails. If you receive an email from a trusted friend or colleague and it looks suspicious, you can call the sender directly to verify it.
  4. Don't perform sensitive operations in public places. Don't use a computer in a public place to log in to your email, or to use instant messaging software, online banking, or other operations involving sensitive information. Do not log in to send or receive emails over Wi-Fi if the security of the network cannot be ensured, because people with ulterior motives may use data interception and surveillance to obtain user information.
  5. Don't post sensitive information to the Internet. Information and data that users post to the Internet could be collected by attackers. By analyzing this information and data, the attacker could send phishing emails to users in a targeted manner.

What to Do If You Click on a Phishing Link?

If you accidentally open a phishing email or your computer becomes infected, follow these steps to minimize the damage:

  1. Report to ITSO immediately. ITSO will follow up with system cleanup and recovery.
  2. Immediately change your passwords for any potentially compromised accounts to prevent the attacker from obtaining sensitive information such as emails and contacts in the mailbox for further attack.
  3. Conduct a full system scan using your antivirus/anti-malware software.
  4. Cut off the network connection of the infected device (unplug the network cable or disable the network) to prevent other devices on the network from being infected and infiltrated, to prevent sensitive files from being stolen, and to reduce the loss caused by the security incident.
Copyright © CUHK-Shenzhen The Information Technology Services Office