Phishing Tips | SecureIT | Kent State University

Phishing Tips

Detect Phishing Emails

  • Move your mouse over links in emails and it may show a different address than the one displayed.
  • Phishing emails often have generic greetings and signatures such as "Dear User" and "Sincerely, IT Helpdesk," etc.
  • Don't respond to emails that appear to be official, but come from un-official email addresses.
  • Be wary of anything that gives a sense of urgency, or states that it requires immediate action
  • Be wary of too-good-to-be-true offers such as free airline tickets or vacation
  • Be wary of SMS messages that says it is from "5000" or some other number that is not a cell number. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number

Note that KSU does not delete @kent.edu accounts and will NEVER ask for your password through e-mail, so be wary of anything that says otherwise

Please report any scams you receive by submitting a support ticket. Be sure to include a copy of the original email and the email headers. (What are email headers?)

 

Detect Phishing Websites

  • Check for slight mispellings - in the URL, company name, etc. For example, paypa1.com instead of paypal.com
  • Check that you are on a kent.edu website - Just because the word "Kent" is in the web address doesn't mean that it is a legitimate website for Kent. For example: kent.weebly.com and kent.edu.weebly.com are not valid kent.edu websites.
  • Be wary of pop-ups - Some phishing sites may take you to a legitimate website, but then prompt you for your username and password.
  • Submit a fake password - Sometimes a phishing website will capture whatever credentials you enter, whether you enter them correctly or not. If you get directed into the website after purposely submitting wrong information, don't submit any more information and close your browser. However, just because a website displays an error message upon entering incorrect credentials doesn't automatically make it a legitimate website. Some phishing sites will always display an error no matter what you enter
  • Use additional software - Many browsers have add-ons/extensions/plug-ins that can help detect phishing sites.

 

Best Practices

  • Don’t enter sensitive or personal information on unsolicited websites or popup windows.
  • Go to links yourself, rather than clicking on links in emails
  • Don't click anywhere in suspicious e-mails—even in what may appear to be white space.
  • Don’t open attachments in unexpected or suspicious e-mails or instant messages.
  • Don’t send passwords, bank account numbers, or other private information in an email.
  • Don't accept social media friend requests from people you don't know
  • Don’t provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
  • Look for 'https://' and a lock icon in the address bar before entering any private information on a website 
  • Install and regularly update an anti-virus program that can scan email.
  • If an email from a friend or colleague looks suspicious, call them and ask if the email is legitimate
  • Call your financial institutions directly using the number found on the back of your credit/debit card or your monthly statement
  • If a person is requesting for personal information from an unrecognized number, ask for a case number and then call back through the main number.
  • Never use your KSU credentials (username/password) to login to other non KSU websites
  • When in doubt about an email contact the Office of Security and Access Management or your LAN Administrator/network support person.
  • Never respond to a request for your password sent by e-mail, even if the request appears legitimate.
© 2019 Kent State University All rights reserved.