Information Technology Services Office
ITS staff access only
Start main content

Be vigilant against online scams

Did you know? Most data breaches, about 70% to 80%, happen because of phishing and social engineering attacks. These attacks work by tricking phishing attack target into giving sensitive information or clicking on harmful links.

Staff and students receive online scam messages on social media or message inboxes. How you respond is very important. It not only affects yourself but also the university’s systems, data, and reputation.

 

011

 

Here are some common phishing tricks cyber attackers may use:

  • They may use personal information retrieved from social media about you to make their scam messages look more real and convincing.
  • To gain your trust, attackers often pretend to be well-known companies like Google or Facebook. Sometimes, they may even impersonate someone you know. In a university scenario, they might pretend to be academic staff, since a lot of information about them is available on our university webpage.
  • Attackers often try to make you feel rushed, so you don’t have time to think carefully. For example, they may urge you to cancel a subscription within 24 hours or you will be charged, or pretend to be your boss and ask you to do them a favor urgently.
  • Besides asking for money directly, attackers often try to steal your login details. They may send you a link to a fake website and ask you to log in to cancel a subscription you never signed up for. If you enter your username and password, the criminals can steal this information.

 

012

 

Here are important tips to keep in mind:

  • Pause and Think: Don’t click on links or share information immediately, even if the message includes some of your personal details. Take a moment to verify if the message is genuine.
  • Check for Red Flags: Look for unusual language, misspellings in the sender’s address or message, or urgent requests for action. These are common signs of phishing.
  • Double Verify: If you receive an unexpected message asking you to do something unusual, always confirm it using trusted contact method. For example, if you get an email from “IT Services,” contact ITS directly using the official university email or phone number, not the contact information in the suspicious message.
  • Keep Learning and Stay alert: Visit our university’s online training platform to learn more about cybersecurity. The platform covers many topics to help you stay safe online. You may access the platform via the LEARN@PolyU platform.

 

013

 

If you need further information or assistance, please contact the IT HelpCentre (Tel: 2766 5900, WhatsApp / WeChat: 6577 9669) or reach out to us via the IT Online ServiceDesk.

 

We use Cookies to give you a better experience on our website. By continuing to browse the site without changing your privacy settings, you are consenting to our use of Cookies. For more information, please see our Privacy Policy Statement.

Your browser is not the latest version. If you continue to browse our website, Some pages may not function properly.

You are recommended to upgrade to a newer version or switch to a different browser. A list of the web browsers that we support can be found here