The University of Science and Technology of China sent a phishing email offering free moon cakes. The school responded that it was an anti-fraud exercise. How to evaluate the school’s behavior?

It is really necessary to hold some similar anti-fraud drills in schools, because college students are always the focus of fraudsters. Moreover

A lot of college students’ money is for living expenses, so it’s really hurtful to be defrauded.

I have also noticed that many campuses will post anti-fraud posters, but this method of publicity has little effect and is difficult to attract students' attention.

Only when students are truly deceived once can they learn a lesson and gain wisdom. I just recently listened to a prosecutor’s lecture on fraud. The prosecutor said that fraudsters tailor a set of fraud techniques for each fraud target, and will make full use of the front-end to illegally obtain information. citizen-related information. ?

1. There was once a scam targeting international students. They specifically called to tell international students who wanted to go abroad that there was a problem with their visas and that they needed to hand over their bank account number for safekeeping. At the same time, a second channel (fake visa management department) and a third channel (fake public security and judicial department) are set up in order to fool you around.

For example, for students who have a history of campus loans, they will call you to tell you that you need to cancel your campus loan account, otherwise you will have credit problems.

Then they will trick you into transferring money. . ?

My roommate also encountered a telecom fraud when he was a junior in college. The scammer pretended to be an ICBC number and sent him a text message. After he clicked on the link (the interface was almost exactly the same as that of ICBC) After entering the account password, the money was transferred away not long after. (It’s so miserable, all the living expenses)

So the school must take more measures to attract students’ attention! Therefore, this type of anti-fraud drill is indeed necessary. After experiencing a "scam email", most people will definitely screen it more carefully the next time they encounter a similar email

I hope that this kind of "anti-fraud drill" can also be actively implemented in other universities

The proportion of victims is really not low

2. Phishing emails are social engineering attacks in network security a means. No matter how powerful the encryption method is, it can't stop your own people from leaking secrets. Regarding phone scams, the police have done a lot of publicity, and everyone has a strong awareness of prevention; teachers and students are not very familiar with phishing emails. This time

About 1/10 of the teachers and classmates were fooled, which illustrates its danger.

In fact, before this, there were real phishing emails that falsely claimed that "the email password has expired and the password needs to be updated." I guess it is inevitable that some teachers will fall into this trap.

In addition, NPU was attacked before, so it becomes necessary for HKUST to take action.

I don’t think you are far away from being deceived. If there is a cheap anti-fraud drill, it would be really good. The last sentence is, you have been deceived.

The effect is outstanding. group.

My last company made it clear to its employees that it would send us phishing emails from time to time. A lot of people took the bait the first few times, but with proper training, things should get better.

The penalty for taking the bait is to deduct the company’s internal currency. The purpose of this currency is to improve efficiency and work enthusiasm, and it is only linked to bonuses

.

3. This behavior of the University of Science and Technology of China is extremely worth promoting! College students are definitely the key victims of telecommunications fraud. Many university teachers and class teachers take the trouble to remind students in various courses

Beware of being deceived. But there are many things that are useless to talk about. You have to experience them once to know the taste.

Just like a stick that only hurts when it hits you.

The University of Science and Technology of China uses this method of letting everyone be fooled once to make students feel what pain is, and they will naturally remember it.

It is recommended that this behavior be promoted in universities across China.

If promoted smoothly in universities, the effect will be good.

It is recommended to promote it to a group in society that is more susceptible to telecommunications fraud, which is the elderly population

Many elderly people have been defrauded, and their children have refused to listen to their earnest advice, forcing banks to turn fake telecom fraud remittances into a major business.

If the country can do this to urban elderly people in batches, let the elderly feel what it feels like to be cheated.

You can effectively prevent telecommunications fraud

! The University of Science and Technology of China sent 40,000 phishing emails, "free moon cakes", and students were attracted. This school is really good at it. There are more and more fraud traps in life

but recently the University of Science and Technology of China has begun to take measures. As the Mid-Autumn Festival approaches, the school sent a fake email to all teachers and students.

You can get moon cakes by clicking on the link in the email. Unexpectedly, there are so many students who have been recruited! ?

4. The school held this event because the National Cyber ??Security Awareness Week was recently held in Hefei. The school wanted to use this event to remind students to enhance their anti-fraud awareness and not to trust information on the Internet. activities, resulting in possible losses. After the students clicked on the link and filled in the information, a prompt document appeared, telling the students that "you have won the 'prize'". In this event

the most recruited ones were the freshmen. It seems that these newbies are relatively innocent. At the same time, because the email was sent by the school, I also relaxed my vigilance. Therefore, the school made preparations in advance to avoid server damage.

Everyone must also take precautions to avoid falling into the trap of fraud.

5. Let’s get down to business. My former company also did a similar drill because there are people who really know how to fish. There are people in my former company who get swindled by giving subsidies. My friend's company also does the same. Taking Bilibili as an example, it is said that they regularly send emails with suffixes such as blilbili, biliblil, and biilbili. Someone will be fooled and they will be notified via email. This kind of email is really necessary. This is how education raises awareness

. Basically, anything that requires personal information should be considered. Some people say that the school’s questionnaires are not filled out anymore.

Generally, they follow personal wishes

The school will not force them. For example, I filled out the course evaluation of the Academic Affairs Office once because I found it troublesome, and the general school questionnaire

p>

The search will not ask you for your password. If you don’t fill it in because of the “crying wolf” message, you are really messing up, and you have not learned how to prevent it.

Phishing and scam emails The way to respond depends on the sending source and the link address. If you unfortunately click on it, remember not to provide personal information

.

Finally, a side question, a lot of people say that HKUST is stingy, are they really HKUST students?

6. Recently, various regions are organizing network security upgrades to cope with the increasingly complex international situation. Information development has slowed down. Incremental competition has turned into stock competition. Information security Incidents occur frequently. I myself have been tortured by offensive and defensive drills for a whole week. Fortunately, I got over it, and I did it when the team had no foreign aid

.

This kind of email fraud is also a commonly used method in attack and defense drills. However, the disguise of this email is indeed quite good. The email domain name and sending unit are actually very easy to disguise.

After all, there are so many employees, it is easy to find the internal mailbox with a weak password, then modify it and send it

The display name. In terms of technology, it is actually quite easy to identify. You can identify phishing emails with some basic common sense. The deception is not technology but social engineering. "The school distributes mooncakes during the Mid-Autumn Festival", this thing is too real. Yes. Moreover, when one dormitory knew about it, it was spread among the students. This kind of thing spread very quickly among students, and they believed it in a confused way.

It can only be said that the most powerful way to deceive people is when one of your own people deceives your own people. It is impossible to guard against it.