To: All Users

Online services have become an indispensable part in our daily life, thus making Internet scams more prevalent and widespread, covering a wide range of areas such as shopping, job hunting, investing, charity, lottery, etc. There is a Cantonese saying, “An old trick is fine, as long as it works” implying that many traditional scams are repackaged in new forms and carried out on the Internet or over the phone. The tactics are constantly changing, making it hard for people to protect.

However, all scams have a common goal, whether they are tricking users to give their account numbers, passwords or personal information, the ultimate goal is money. As long as you raise your security awareness and always “fact‑check”, you can reduce the risk of being scammed. Remember the three key principles to prevent fraud:

1. Stay calm and don’t be flustered: Fraudsters often use threatening words over phone, text messages or emails to cause victims to lose their composure and fall into their trap, especially if they claim themselves to be law enforcement, government or bank officials. Just stop and think! Try to buy time to verify the truth of the matter or consult with family and friends.
2. Don’t be greedy: Never let the mentality of “Fear of missing out” to blind your judgment. There’s no free lunch in the world. If there’s any promotional sale or investment opportunity, make sure to understand it clearly and verify its authenticity to avoid losing more than you gain.
3. Never casually disclose personal information: Personal information is equivalent to money. You should not reveal your personal information casually, as it is not just your data that can ultimately be stolen, but your personal identity, which can then be used to defraud money or engage in illegal activities.

Pay more attention to anti-fraud information and naturally raise your anti-fraud awareness, so that you won’t give fraudsters an opportunity to take advantage. The following are some examples of scam messages:

Pretending to be an instant messaging software notification, with disturbing words. But one thing to note is that the “w” letter in URL is actually impersonated by two “v” letters.

Suspicious text messages from strangers. Scammers may use social engineering scams to carry out all kinds of fraud, they will use the tactic of “played the long game” and communicate with the victim for a long time to win their favor, which means to defraud a large amount of money.

Compromising verification codes is a common method of hijacking other people’s accounts, including communication software, bank transfers, etc. Verification codes are used for personal identity verification or account operation verification, which is a matter of personal privacy, and should not be disclosed. Actually, using someone else’s phone number for verification is completely unreasonable, and the sender’s account may have been compromised.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued the security vulnerability about Chrome browser, this vulnerability may trigger the bypass of security restrictions and remote execution of arbitrary code; in addition, this vulnerability is widely exploited.

• Please update to Google Chrome version 119.0.6045.199/.200 or later.

For more details, please refer to: https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

Steps to update Google Chrome browser

• Open your Google Chrome browser on your desktop.
• Click the three vertical dots in the upper right corner to open the dropdown menu.
• Select “Settings“.
• Click “About Chrome” on the left-hand sidebar.
• Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
• Restart the Chrome.

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

Important data loss can occur anytime, data backup is an important measure to prevent data loss caused by equipment failure or data damage, ensuring valuable information will not be lost forever. Data backup also provides the last protection for cyberattacks (especially ransomware attacks), allowing you to recover the data and resume daily operations quickly. Proper data backup can also protect sensitive personal and financial information from unauthorized access or disclosure.

Basic Data Backup Practices:

1. Regular Backup: Schedule regular backup to ensure your data is always up to date. Daily backup is recommended for critical data, weekly or monthly backup may be sufficient for files that are not updated frequently.
2. Keep Multiple Backup Copies: Store multiple copies of your backup on different storage devices, such as external hard drives, cloud storage, or even physical copies. This redundancy ensures that even if one of the storage media failed, your data can still be preserved. When using cloud storage, please pay attention to the security and data protection settings of the service and consider which data is suitable for storage in the cloud.
3. Store Storage Devices Properly: Store your backup storage devices properly and away from physical hazards like fire or water. For cloud storage, choose reputable providers with robust security measures.
4. Test Backup Regularly: Verify the integrity of the backup by testing them regularly to ensure the data can be restored when necessary.
5. Password Protection: Protect your backup devices by means of a password to prevent unauthorized access. In addition, consider encrypting the backup to increase the security.

Data backup is not a one-off task, but an ongoing process. Through the above basic and effective practices, you can protect your valuable data from being lost and ensure that your personal and work data are protected.

Reference

Data sharing & storage service in the University
Protect your computer against virus and malware

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

Ransomware attacks are one of the most common types of cyber attacks in recent years. Attackers use various network intrusion techniques or methods such as impersonation and fraud to deploy ransomware programs to organizations and users, encrypt the data on the infected computer system, so that the affected systems will not be able to operate normally, and extort money and other economic benefits from the victims. At the same time, some attackers also steal data during the process and threaten victims with disclosure of confidential data to increase the likelihood of the victims compromising.

The following security measures can prevent ransomware attacks:

1. Beware of phishing and virus emails, do not casually open attachments or web links:
   Attackers will send phishing emails with malicious program attachments or web links. Once you open, your computer system will be infected;

2. Beware of social engineering, do not trust strangers or people with unverified identities:
   They will impersonate government officials, customer service, bank staff, etc., and induce you to download or install unknown software, or even assist them in carrying out ransomware attacks;

3. Install antivirus software, turn on real-time protection and monitoring functions:
   Whether the ransomware program is spread via portable data storage devices (such as USB, mobile hard drives, etc.) or emails, the real-time protection function of antivirus software can effectively intercept the ransomware program when it is installed or executed;

4. Regularly update software, keep antivirus software up to date:
   This can prevent attackers from exploiting existing software vulnerabilities for attacks. At the same time, the latest antivirus software feature database can  detect effectively and intercept suspicious software programs;

5. Protect your user password, activate multi-factor authentication services and use strong passwords:
   They will use leaked accounts or brute force cracking techniques to remotely log into your computer system and install ransomware programs;

6. Regularly backup data to ensure that files can be restored from backups:
   Even if data is encrypted, it can be restored from backups, which will reduce the chance of data loss.

Reference

• How to download and install software in a secure manner?
• Are you ready to prevent Ransomware?
• Beware of Spear Phishing
  

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued security vulnerability about Chrome browser.  This vulnerability may trigger privilege escalation, remote execution of arbitrary code and denial of service, which is widely exploited.

• Please update to Google Chrome version 117.0.5938.132 (Windows, Mac and Linux) or later.

For more details, please refer to: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

Steps to update Google Chrome browser

• Open your Google Chrome browser on your desktop.
• Click the three vertical dots in the upper right corner to open the dropdown menu.
• Select “Settings“.
• Click “About Chrome” on the left-hand sidebar.
• Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
• Restart the Chrome.

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

• What is Spear Phishing Attack?

Spear Phishing is a specific type of Phishing Attack that targets individuals or organizations with the intention of deceiving them and gaining unauthorized access to sensitive information. Unlike regular phishing attacks, spear phishing is more personalized and involves tactics such as impersonation, enticing bait, and finding ways to bypass security measures like email filters and antivirus software.

Although general Phishing and Spear Phishing employ similar techniques, there are distinctions between them. General Phishing attacks are typically straightforward, aiming to acquire the victim’s information, such as online banking credentials, to fulfill their objectives. In contrast, spear phishing attacks go beyond simply obtaining login details or personal data. They serve as a gateway for attackers to gain initial entry into the targeted network and act as a stepping stone for subsequent Targeted Attacks

• How does Spear Phishing Work?

Spear phishing attacks specifically aim at targeting individuals within an organization or institution, including their social media accounts like the organization’s website, Twitter, Facebook, and LinkedIn. The attackers invest time in creating persuasive email content and may include harmful attachments or links in the emails. When the recipient opens such attachments or clicks on the links, it can trigger the execution of malicious code or redirect the user to a compromised website. This provides an opportunity for the attacker to establish a hidden communication network and advance to the next stage of the attack.

• How to Prevent Spear Phishing?

To thwart spear phishing attacks, UM employs several layers of protection, empowering system administrators with enhanced visibility and control over the network. This approach minimizes the risk of targeted attacks and mitigates various attack vectors.

Nonetheless, the most pivotal factor in defense lies in the information security awareness of employees and students. By diligently observing spelling mistakes, peculiar language, and other suspicious indicators in emails, individuals can partially shield themselves against spear phishing attacks.

Reference

• Important Notice: Beware of phishing emails sent by UM members
• Don’t Let a Phishing Scam Reel You In
• How can I identify a phishing, fake email and websites?
• Beware of Phishing Trap

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

There has been a recent emergence of phishing emails impersonating university staff members. Hackers are using fraudulent email addresses to send urgent emails to colleagues or students, pretending to need immediate assistance. Their intention is to deceive recipients into responding and then carry out subsequent fraudulent activities, such as money scams or attempts to obtain account passwords.

Figure 1: Desktop Version

Figure 2: Mobile Version

If you have suspicions, try to contact the sender through other reliable means for further verification, such as phone calls or text message.

Please DO NOT RESPOND to this kind of emails or provide any information to the impersonating sender. If you have any further queries, please feel free to contact our Help Desk.

Reference

• Don’t Let a Phishing Scam Reel You In
• How can I identify a phishing, fake email and websites?
• Beware of Phishing Trap

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office