Phishing

(Click to enlarge)

Phishing is a form of social engineering delivered by email or SMS text. Phishing scams appear to originate from a trusted source to trick a user into entering valid credentials or attempt to lure you into revealing your username, password and other personal identifying information (PII)

The attacker can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.

Spear Phishing

(Click to enlarge)

Spear-phishing attempts target and email or text specific people and organizations. The hackers and spammers attempt to learn information about you so that texts or emails seem to come from somebody you know, whether it be a friend or familiar business. Spear phishing isn't as common as general phishing attempts because they are much more time consuming to make, but spear phishing attempts are often much harder to detect because it is often addressed directly to you, seems to come from a trusted person, and can often bypass traditional security defenses.

Spammers who send spear phishing emails or texts often use social media sites to learn as much about you as they can. If your information is made public, spammers can look through your recent posts and friends list. Make sure you keep your information private and don't accept friend requests from people that you don't know. If you receive a suspicious email or text from a friend requesting personal information, you can always contact the person in a different way to confirm the email or text is legitimate.

Other Types of Phishing

When people refer to phishing, they are most commonly referring to phishing attempts that come over email, however there are a few other types of phishing:

• Smishing - Phishing attempts that come only by SMS (text) messaging. Cell phone users receive a text that usually contains a link or phone number which will then attempt to get personal information from you. Criminals may even send these pretending to be a bank or cell phone carrier.
• Vishing - Phishing attempts that come over phone calls. A few years ago scammers posed as Microsoft support technicians and called consumers, informing them that they needed access to their computer to help remove a "virus" (While in actuality, it is more likely that they were installing some sort of malware). Scammers may also use caller ID spoofing technology to display a false name or number on your phone.

PHISHING TIPS:

• Move your mouse over links in emails and it may show a different address than the one displayed.
• Go to links yourself, rather than clicking on links in emails.
• Don't respond to emails that appear to be official, but come from un-official email addresses.
• Check for slight mispellings - in the URL, company name, etc. For example, paypa1.com instead of paypal.com.
• Use additional software - Many browsers have add-ons/extensions/plug-ins that can help detect phishing sites.
• Be wary of anything that gives a sense of urgency, or states that it requires immediate action.
• Don't click anywhere in suspicious e-mails—even in what may appear to be white space.
• Be wary of too-good-to-be-true offers such as free airline tickets or vacation.
• Don’t open attachments in unexpected or suspicious e-mails or instant messages.
• Don’t send passwords, bank account numbers, or other private information in an email.

Note that KSU does not delete @kent.edu accounts and will NEVER ask for your password through e-mail.

Have I Been the Victim of a Phishing Scam?

If you believe that you have been the victim of a phishing scam, change your password immediately and report it to phish@kent.edu or submit a support ticket. Also, don't forget to check out this website for tips on how to keep your accounts safe. If you are using Gmail, you can also end all other active sessions. This should stop any unauthorized access to your account.