Phishing
Phishing is a form of social engineering delivered by email. Phishing scams appear to originate from a trusted source to trick you into entering your credentials, revealing personal identifying information (PII), or sending money to them.
The attacker can then use this information to access your accounts, gather additional private information about you in an attempt to steal your identity, and make purchases or apply for credit in your name.
You can learn more about phishing and social engineering by reading the information here.
Phishing Tips
- Move your mouse over links in emails and it may show a different URL than the one displayed.
- If you are encouraged to click a link that claims to lead to a legitimate site (such as Amazon), look online for a trusted URL leading to that site instead.
- Check the sender address to verify that the email comes from an official source.
- Check for slight mispellings - in the URL, company name, etc. For example, paypa1.com instead of paypal.com.
- Use additional software - Many browsers have add-ons/extensions/plug-ins that can help detect phishing sites.
- Be wary of anything that gives a sense of urgency, or states that it requires immediate action.
- Don't click anywhere in suspicious emails—even in what may appear to be white space.
- Be wary of too-good-to-be-true offers such as free airline tickets or vacation.
- Don’t open attachments in unexpected or suspicious emails or instant messages.
- Don’t send passwords, bank account numbers, or other private information in an email.
Note that Kent State will NEVER ask for your password through email.
For more advice on how to avoid phishing scams, visit our Fight the Phish page!
Have I Been The Victim Of A Phishing Scam?
If you believe that you have been the victim of a phishing scam, change your password immediately and report it to phish@kent.edu or submit a support ticket. Also, don't forget to check out our account security article for tips on how to keep your accounts safe. If you are using Gmail, you can also end all other active sessions. This should stop any unauthorized access to your account. Instructions on how to end active session in Gmail can be found here. You can also end active sessions in Outlook by following the instructions here.
When a victim of a phishing scam, it's common practice for the hackers to change your signatures, forwards, filters, and other settings. If you believe you fell victim to a scam, we recommend checking the following settings in your mail client.
- A signature for an email is text that is automatically inserted at the end of an email. It is usually something you choose to set up. Make sure it is not an unfamiliar one setup.
- Forwards can be set up to automatically forward to another email address. Make sure it is not forwarded to unknown address without your permission.
- Inbox rules/filters can be used to automatically sort or delete anything in your inbox or sent box etc. Scammers can use it to re-direct/hide their messages.
- Check all of the folders in your email account - sometimes the malicious actor may create new folder to store messages they sent/receive or put them into the Trash when using your account to perform scams.
 
					