Social engineering scams such as phishing are among the most prevalent attacks among institutions today. This affects NUS as a leading global university as we handle confidential and sensitive information such as personal and research data. Our utmost priority is to protect our information assets by implementing layers of technical controls to protect them.

NUS is committed to fighting phishing and other common social engineering threats. NUS web domain (nus.edu.sg) is an integral part of our identity used in email and applications, which may be the target of attacks such as setting up look-alike domains to deceive the community and our institutional partners.

 

On Emails:

• – If you receive an email from an NUS staff or student, always inspect the sender domain carefully. Our email domain suffix is fixed as – *@nus.edu.sg (Staff) and *@u.nus.edu (Students).
• – Other emails such as application notifications may also be triggered within NUS domains but may appear with a sub-domain prefix such examples below:

Key NUS Email Domains	Examples
*.nus.edu	u.nus.edu
*.nus.edu.sg	alert.nus.edu.sg alumni.nus.edu.sg comp.nus.edu.sg giving.nus.edu.sg partner.nus.edu.sg visitor.nus.edu.sg
*.duke-nus.edu.sg	partner.duke-nus.edu.sg se.duke-nus.edu.sg
*.yale-nus.edu.sg	u.yale-nus.edu.sgyale-nus.edu.sg

NOTE: (*) may refer to a prefix string value. Please refer to the examples column.

• – Any sender claiming to be from NUS but doesn’t appear to be using our email domain or sub-domains, should be treated as suspicious and must be verified or reported to NUS IT Care (itcare@nus.edu.sg) via 6516 2080.

 

On Websites URL:

• Our website https://www.nus.edu.sg or https://nus.edu.sg represents the university’s corporate web page enabled with secure protocols (SSL/TLS) to protect transmission when accessing the pages.
• Departments and Faculty represent their corporate pages using the sub-domain or legitimate look-alike websites (e.g. nus.edu.sg or www.duke-nus.edu.sg) that offer general information.
• Applications also use the sub-domain level URL depending on the purpose of the interfaces. However, they do not have webpages enabled (www) and are often only a source of application notifications.

NUS Domain	Hosting Sub-Domain Examples
*.nus.edu.sg	esi.nus.edu.sg nusscale.nus.edu.sg se.nus.edu.sg
*.duke-nus.edu.sg	partner.duke-nus.edu.sg se.duke-nus.edu.sg
*.yale-nus.edu.sg	u.yale-nus.edu.sg yale-nus.edu.sg

 

On SMS Notifications

• – NUS will soon no longer include hyperlinks or URLs on SMS messages. This is to curb the risk of smishing (phishing SMS) sent by masked SMS profile (no number) or overseas number.
• – Ministry of Education (MOE) is giving institutions a period to cease the use of URLs or hyperlinks on SMS by 2022. NUS is committed to complying with this mandate and has fully implemented this as of April 2022.

On Short URL:

• – NUSs’ official short URL is EDU and is used exclusively on various university campaigns or applications, which follows a process to prevent its misuse.
• – 3^rd party cloud services will also be standardised to use NUS short URL. NUS is committed to complying with this MOE mandate by (TBA).

 

The institution will continue to enhance its systems, process and user awareness to further improve the community’s resilience to social engineering threats, especially those that target/impersonate/spoof NUS identity to carry out malicious attacks.

We encourage everyone to exercise caution and due diligence when dealing with suspicious emails, links, fake pages and even identities.

 

 

Let’s all work together to keep NUS secure, bIT by bIT