Golden rules
Do not open dirty / suspicious links
Do not open unexpected attachments
Do not share your password with anyone
Verify the sender address — especially for unusual requests
If unsure → stop and ask Admin
Email sender verification
Always check the real From address (not only the display name). Display names can be faked.
When to double-confirm
If the email asks for something unusual or unexpected, stop and double-confirm the sender before acting, for example:
- Urgent payment, bank transfer, or Visa / card details
- Password, OTP, or account login request
- Change of bank account / supplier details
- Request to buy gift cards, or send money “right now”
- Unusual instruction from a boss / manager / colleague you were not expecting
How to confirm: check the full email address carefully, then confirm by another channel (phone / in person / known chat) — do not use a reply, phone number, or link inside the same suspicious email.
Watch for misspelled email addresses
Attackers often use addresses that look almost right. Check every character:
| Look for | Example of fake | Real |
|---|---|---|
| Wrong domain | name@tree.com or name@tre.com.hk | @tree.com.hk |
| Extra / missing letter | Look-alike letters in the domain | @tree.com.hk |
| Extra word / hyphen | @tree-hk.com / @secure-tree.com.hk | @tree.com.hk |
| Wrong person | Display name “Boss” but address is unknown | Known colleague @tree.com.hk |
- Open / expand the sender details and read the full address
- Compare it to an address you already trust (previous real email, company directory)
- Any misspelling or almost-correct address → treat as suspicious and report to Admin
What is a “dirty” / suspicious email?
Be careful if the email:
Do
Do not
Reminder — Tree systems
- Visa card payment info is handled by the payment gateway — Tree systems do not store card details
- Nobody from IT / Admin will ask for your password by email
- Software install requests go to Admin / IT — do not install from email links
If you clicked a bad link or opened a bad file
- 1 Stop using the PC for sensitive work
- 2 Disconnect from network if Admin asks
- 3 Tell Admin immediately (Level 1)
- 4 Change password if Admin / IT instructs
- 5 Do not hide the incident — early report reduces damage
How to report
- Contact: Admin (Level 1)
- If needed, Admin escalates to outsourced IT (Level 2)
- Optional: fill Incident Report Form