Back to top

Notice re Preventing Phishing Email Attack

22-March-2023

Dear all,

      Recently, there have been frequent phishing email attacks targeting users of many universities, resulting in some users being deceived and causing information leakage and economic losses. Therefore, we reminded you to enhance your prevention awareness and work together with the campus to strengthen email security protection.

I.   The main characteristics of phishing emails

      Phishing emails are a common form of cyber attack, usually in the form of notifications such as "abnormal email account," "system upgrade," "security warning," "fraudulent extortion," or "enticing interests," which aim to trick users into clicking on links in the email to download malware or visit fake websites. Attackers then steal sensitive information such as bank account numbers, passwords, ID card numbers, and mobile phone numbers, or execute ransomware and other malicious code on the device to carry out further network attacks. Some typical phishing email samples are as follows.

1679453066806501.jpg

1679453110451791.png

1679453135936517.png

Pic 1-3: Recent phishing emails on campus

II.   How to identify and prevent phishing emails

      (1)  Don't trust the displayed name and address of the sender

      The sender's name is easily spoofed, so when receiving an email, it is important to verify the actual email address of the sender. The school and campus email domains are @zju.edu.cn and @intl.zju.edu.cn.

      (2)  Be wary of requests for personal sensitive information

      For emails requesting personal information, treat them with caution and confirm the authenticity of the content repeatedly. Do not enter account numbers, passwords, mobile phone and bank card numbers, and other personal information casually.

      (3)  Maintain good email habits

      Set complex email passwords (with a combination of uppercase and lowercase letters, special characters, and numbers not less than 8 digits) and avoid clicking on links, downloading and installing attachments, especially those with executable files (.exe or .bat). Avoid publishing personal email addresses on the Internet.

      (4)  How to handle such emails if received

      If you have any questions about any email, you can forward the original email to itservices@intl.zju.edu.cn for investigation. After confirming that it is a phishing email, please delete it directly without responding or clicking on any links or attachments.

Office of Campus Operations and Support

Mar. 22, 2023