Scam Alert: Be Aware of Phishing with (Spoofed) Official Sender Names


By: Ken Deng   Published on 9 Mar. 2024


Let’s Strengthen Security on the State-of-the-art Technology

Dear students, users and fans,

In recent days, Ken’s Study Journey and other friends have become aware of phishing SMS (text messages) sent to SIM cards that use official brand names but unofficial, similar-looking domain names.

The phishing SMS in question is either in Chinese (Simplified) (简体中文) or Chinese (Traditional) (繁體中文).

In the worst case, the senders of the phishing messages use the same (spoofed) sender identity as the official (real) 6-digit verification code messages.

Fortunately, the ITSC of our university discovers and blocks such phishing websites as soon as possible.

HKUST ITSC Phishing Blocking Page

Ken’s Study Journey has already implemented domain name SPF and DMARC policies to prevent spoofed emails, as well as self-developed email unique codes.

This means emails from fake servers impersonating the domain name “@kenstudyjourney.cn” will be dropped by the receiver’s email provider (if it supports SPF/DMARC).

My Security Tips:

  1. Be extra careful of URL spelling.
    Ken’s Study Journey Reminder:
    Also check spelling very carefully in your exams.
  2. Disconnect from the Internet when copying and pasting the URLs/messages (which prevents opening them by mistake).
  3. Check the domain name WHOIS information (especially the registration date).
    CAUTION: Copy and paste the domain name (or the whole message).
    Do not retype it, because some letters are wrong but look confusingly similar to the correct ones, e.g.
    “lphone (LPHONE)” instead of “iphone (IPHONE)”
    “vvhatsapp (VVhatsapp; with Double “V”)” instead of “whatsapp (WHATSAPP)”
    Phishing Website WHOIS Information
  4. For Python programmers/students:
    Check the fully lowercase/uppercase versions of the domain name using the str.lower() and str.upper() Python string methods, e.g.
    print("lPhone".lower())  # prints: lphone
    print("lPhone".upper())  # prints: LPHONE
    You can simply type the commands in Python IDLE and paste the domain names into them.
    Spotting Upper/Lower Case Domain Name
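
Tip 4 taken one step further, as an added example that is not part of the original notice: after lowercasing, collapse look-alike letters and compare each part of the pasted domain with the real brand spelling. The brand list, the extra substitutions beyond l/i and vv/w, and the ".example" hostnames are assumptions constructed for illustration.

```python
import re

# Brand spellings from the examples in this notice (assumed list; extend as needed).
BRANDS = ("iphone", "apple", "whatsapp")

# Look-alike substitutions: the first two come from this notice,
# the remaining ones are common additions (assumption, not exhaustive).
CONFUSABLES = (("vv", "w"), ("l", "i"), ("1", "i"), ("0", "o"))


def skeleton(label: str) -> str:
    """Lowercase a label and collapse confusable letters into one canonical form."""
    s = label.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def check_domain(pasted: str) -> list[str]:
    """Return findings for a pasted hostname or URL; an empty list means nothing flagged."""
    # Drop the scheme and path so that only the hostname is inspected.
    host = re.sub(r"^[a-z]+://", "", pasted.strip(), flags=re.I).split("/")[0]
    findings = []
    # Non-ASCII letters (or their punycode form) can imitate Latin ones.
    if not host.isascii() or "xn--" in host.lower():
        findings.append("non-ASCII or punycode characters in host")
    # Compare every dot- or hyphen-separated part with every brand.
    for token in re.split(r"[.\-]", host.lower()):
        for brand in BRANDS:
            if token != brand and skeleton(token) == skeleton(brand):
                findings.append(f"'{token}' imitates '{brand}'")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs using the reserved ".example" suffix.
    for sample in ("lPhone-support.example",
                   "https://vvhatsapp.example/login",
                   "iphone.example"):
        print(sample, "->", check_domain(sample) or "nothing flagged")
```

An empty result only means the spelling check found nothing: a correctly spelled brand name on an unofficial domain still passes, so the WHOIS check in tip 3 still applies.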

Ken’s Study Journey Reminder:

Always be careful when reading information, whether in assignments, exams, emails or SMS.

Just as in assignments and exams, students can be tricked by scammers using fake but very similar URLs.

Let’s Strengthen Security on the State-of-the-art Technology

University students also need anti-phishing tips in addition to academic knowledge.

Don't get conned and give up your studies.

Ken’s Study Journey

9 March 2024

Hong Kong (SAR), China


Examples of Phishing SMS Received

Claiming to be “Apple”, in Chinese (Simplified) (简体中文):

Phishing SMS Impersonating Apple

Claiming to be “WhatsApp”, in Chinese (Traditional) (繁體中文):

Phishing SMS Impersonating WhatsApp