Let’s Strengthen Security on the State-of-the-art Technology
Dear students, users and fans,
In recent days, Ken’s Study Journey and other friends have been aware of some phishing SMS (text messages) sent to SIM cards using official brand names but unofficial similar domain names.
The phishing SMS in question is either in Chinese (Simplified) (简体中文) or Chinese (Traditional) (繁體中文).
In the worst case, the senders of the phishing messages use the same identity (spoofed) as the official (real) 6-digit verification codes.
Fortunately, the ITSC of our university discovers and blocks such phishing websites as soon as possible.
Ken’s Study Journey has already implemented domain name SPF and DMARC policies to prevent spoofed emails, as well as self-developed email unique codes.
This means fake email servers impersonating the domain name “@kenstudyjourney.cn” will be dropped by the receiver’s email provider (if it supports SPF/DMARC).
My Security Tips:
- Be extra careful of URL spelling.
Ken’s Study Journey Reminder:
Also check spelling very carefully in your exams. - Disconnect from the Internet when copying and pasting the URLs/messages (which prevents opening it by error).
- Check the domain name WHOIS information (especially the registration date).
CAUTION: Copy and paste the domain name (or the whole message).
Do not type it because some letters are incorrect but confusing, e.g.
“lphone (LPHONE)” instead of “iphone (IPHONE)”
“vvhatsapp (VVhatsapp; with Double “V”)” instead of “whatsapp (WHATSAPP)”
- For Python programmers/students:
Check the fully lowercase/uppercase versions of the domain name using the "string".lower() or "string".upper() Python functions, e.g.
print("lPhone".lower()) => "lphone"
print("lPhone".upper()) => "LPHONE"
You can simply type the commands and paste the domain names in the Python IDLE.
Ken’s Study Journey Reminder:
Always be careful when reading information, whether in assignments, exams, emails and SMS.
Like assignments and exams, scammers can also trick students with fake but very similar URLs.
Let’s Strengthen Security on the State-of-the-art Technology
University students also need anti-phishing tips in addition to academic knowledge.
Don't get conned and give up your studies.
Ken’s Study Journey
9 March 2024
Hong Kong (SAR), China
Examples of Phishing SMS Received
Claiming to be “Apple”, in Chinese (Simplified) (简体中文):
Claiming to be “WhatsApp”, in Chinese (Traditional) (繁體中文):
粤公网安备 44011802000762号
Your comment has been posted successfully, but it needs to be audited by myself artificially to prevent spam and negative comments.
Please wait for a few days. You will receive an email once your comment has been replied.