Announcing Unit  Teaching Support Section  Announcement Date  2026/3/9
 Subject  [Cybersecurity & Anti-Scam Update] March 2026 Latest Threat Warnings
 Content 


1. [Social Engineering] Frequent Phishing Emails Disguised as "Administrative Litigation", Do Not Click on Attachments



  • Summary: The Administration for Cyber Security (ACS), MODA, warns that a large number of
    phishing emails disguised as "Administrative Litigation Complaints" or "Court Notices" have recently been sent
    to government and academic institutions. The emails contain fake case numbers to create a sense of urgency,
    tricking colleagues into clicking links and downloading malicious files.

  • Action Required: Official court documents are usually sent via registered mail in paper
    form. If you receive such an email, absolutely do not click on the links within it. Please go
    directly to the "Judicial Yuan Website" and enter the case number to verify its authenticity.

  • Reference:

    ACS: Hackers Send Fake Administrative Litigation Notices to Trick Users into Downloading Malicious Files (CNA)
    https://www.cna.com.tw/news/ahel/202603090110.aspx


2. [Anti-Fraud Alert] Scam Cases Drop by 73% After Xiaohongshu Blocked, Please Remain Aware of Platform Risks



  • Summary: The Chinese social media platform "Xiaohongshu" has been restricted by the
    Ministry of the Interior due to failing cybersecurity tests and frequent involvement in scam cases. According to
    the Anti-Fraud Command Center, after the restriction was implemented, both the number of scam cases and
    financial losses related to the platform have dropped by more than half.

  • Action Required: Be aware of the current cybersecurity and fraud risks associated with the
    platform. Do not use VPNs or other tools to connect and conduct transactions just for convenience, to avoid
    personal data leaks or financial losses.

  • Reference: Anti-Fraud Command
    Center: Monthly Average Scam Cases Decrease by 73% After Xiaohongshu Resolution Stopped (CNA)


3. [AI Governance] EU Releases AI Cybersecurity Standard, MODA Promotes Risk Classification Framework



  • Summary: The European Telecommunications Standards Institute (ETSI) has released a globally
    applicable AI cybersecurity standard (EN 304 223) to prevent threats like data poisoning and prompt injection.
    Meanwhile, Taiwan's Ministry of Digital Affairs (MODA) is drafting an "AI Risk Classification Framework and
    Checklist" to help government agencies assess the technical flaws and social impacts of AI applications.

  • Action Required: If your school/department plans to adopt or develop generative AI systems,
    it is recommended to pay attention to the upcoming checklists released by MODA to properly implement data
    protection and risk assessment.

  • Reference: MODA's AI Risk
    Classification Framework: Ministry of Labor, FSC, and Two Other Ministries to Conduct Initial Review
    (CNA)


 Attachments: None
 Announcement Start: 2026/3/9  Announcement End: 2026/4/9