Recently, there has been a large number of phishing emails targeting our University students and staff.  These phishing emails come in many different forms, but typically try to get our account information, such as request to validate account information or view your personal information, etc. It often appears to have been sent by a legitimate person such as from a student, staff or department from University of Macau.

Please remember that ICTO will never ask you for account information via email or web page. Please beware of these kind of emails, DO NOT RESPOND to the email and do not disclose your account password.

The following are some of the recently received known phishing mails:

How to identify phishing emails

  • Please pay attention to the sender’s email address, check if the sender’s address is hidden or sent by unknown people. If the email appears to come from someone or some organization you know but the email was unexpected or unusual, please contact the mentioned organization directly to confirm whether they have sent you an email.
  • Check if the email content which contains or references to a hyperlink, it possibly will direct to a fake website. You can check where the link will take you by moving the mouse over the hyperlink. The actual address should appear on the status bar of the browser or email client.

  • Identify the web address before logging in with UMPASS user ID and password. Please note that the official web address of login page should contain the following format.
    • The green padlock icon with “University of Macau [MO]” displayed
    • The web address must be with the domain suffix ““.

How to handle suspicious emails you received

  • Do not respond to emails before validating its source.
  • Do not click on any links and do not open attachments.
  • Don’t send your account information via email and avoid filling out forms contained in email or suspicious website.
  • Check the sender’s email address that may have been tampered with or hidden.
  • Check with ICTO if you are in doubt about the authenticity of the email.

What to do if you entered your details on a phishing email

If you have responded to a phishing email, please change your password as soon as possible by visiting

ICTO Account Information Page:

Note that if your account has already been used by hacker, ICTO would disable your account temporarily and provide you with assistance as soon as possible, thus to minimize the lost.

Reporting phishing emails

In order to prevent disclosure of account password or to fall victim to malicious activity, if you receive an email you are not sure about, please forward the suspicious email to or call the ICTO Help Desk at 8822 8600.

ICTO is doing all we can to intercept the phishing emails from the campus systems and inform our user as soon as possible, so as to prevent others from falling into the Phishing attack.