Phishing and Scams
Phishing is a form of social engineering. Phishing scams appear to originate from a trusted source to trick a user into entering valid credentials or attempt to lure you into revealing your username, password and other personal identifying information (PII)
The attacker can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.
Other Types of Phishing
When people refer to phishing, they are most commonly referring to phishing attempts that come over email, however there are a few other types of phishing:
- Spear - phishing - Attempts made to target and email specific people and organizations. The hackers and spammers attempt to learn information about you so that when they send you an email, it seems as if it comes from somebody you know, whether it be a friend or familiar business. Spear phishing attempts are often much harder to detect because it is often addressed directly to you, seems to come from a trusted person, and can often bypass traditional security defenses.
- Smishing - Phishing attempts that come over SMS (text) messaging. Cell phone users receive a text that usually contains a link or phone number which will then attempt to get personal information from you. Criminals may even send these pretending to be a bank or cell phone carrier.
- Vishing - Phishing attempts that come over phone calls pretending to be calling from the government, tax department, police, or the victim’s bank.
Phishing Tips:
- Move your mouse over links in emails and it may show a different address than the one displayed.
- Go to links yourself, rather than clicking on links in emails
- Don't respond to emails that appear to be official, but come from un-official email addresses.
- Check for slight mispellings - in the URL, company name, etc. For example, paypa1.com instead of paypal.com
- Use additional software - Many browsers have add-ons/extensions/plug-ins that can help detect phishing sites.
- Be wary of anything that gives a sense of urgency, or states that it requires immediate action
- Don't click anywhere in suspicious e-mails—even in what may appear to be white space.
- Be wary of too-good-to-be-true offers such as free airline tickets or vacation
- Don’t open attachments in unexpected or suspicious e-mails or instant messages.
- Don’t send passwords, bank account numbers, or other private information in an email.
Note that KSU does not delete @kent.edu accounts and will NEVER ask for your password through e-mail
Have I Been the Victim of a Phishing Scam?
Often times victims of phishing scams receive several undeliverable messages, or there will be unfamiliar emails in your sent box. Other times, your signature will be changed or forwards will be set up. Learn how to check for changed signatures and forwards.
If you believe that you have been the victim of a phishing scam, change your password immediately and report it to Phish@kent.edu. Also, don't forget to check out this website for tips on how to keep your accounts safe. To read more about phishing, visit Phish Talk website for more content.
What Are Scams?
Scams come in many forms and are a type of social engineering to either gain your personal identifiable information (PII), or steal your money. They are getting more and more sophisticated, particularly when it comes to targeting you online and through mobile devices. It’s important to know how to recognise a scam so you can protect yourself from fraudsters.
Note that KSU does not delete @kent.edu accounts and will NEVER ask for your password through e-mail, so be wary of anything that says otherwise
Please report any scams you receive to Phish@kent.edu
How To Detect a Scam?
- Scammers pretend to be from organizations you know
- They pretend that you won a prize or that there is a problem
- Scam calls will usually pressure you to act immediately
- If it sounds too good to be true, then it probably is
- Scammers will tell you to pay in a specific way
Steps To Avoid Scams
- Don’t give out any personal information
- Resist pressure
- Block unwanted calls or messages
- Don't click on any pictures, links, or white spaces in a suspicious email
- Stop and talk to someone before taking action or giving out any information
Please refer to the Federal Trade Commission (FTC) site to read more about common scams and how to report them.
Current Ongoing Scam Methods...
One of the most used scams during this time is extortion. This is done when someone is trying to get money by force, threats, or blackmailing. Most of the time, the person blackmailing will try to force the recipient into thinking that he has accessed some of their private information such as passwords or photos/videos and is willing to send it to their contacts or publish them online, when in reality, they are just trying to get the recipient to comply with their request for the money. Usually, the extortionist will have a bitcoin wallet address in the email asking for a wire transfer to them through that given wallet address. If you receive an extortion email, make sure to do the following:
- If the email contains passwords, change the password for any account that has a similar password
- NEVER comply with any requests in the email
- Report the email to Phish@kent.edu
- If you have been a true victim of extortion/sextortion, you can file a complaint with the Internet Crime Complaint Center (IC3)
To read more about this topic, please visit the FBI's Scams and Safety page for more information.
When a victim of a phishing scam, it's common practice for the hackers to change your signatures, forwards, filters, and other settings.
- A signature for an email is text that is automatically inserted at the end of an email. It is usually something you choose to set up. Make sure it is not an unfamilar one setup.
- Forwards can be set up to automatically forward to another email address. Make sure it is not forwarded to unknown address without your permission.
- Inbox rules/filters can be used to automatically sort or delete anything in your inbox or sent box etc. Scammers can use it to re-direct/hide their messages.
- Check all of the folders in your email account - sometimes the malicious actor may create new folder to store messages they sent/receive or put them into the Trash when using your account to perform scams.
Learn how to check for these changes in the following clients:
GmailOutlook 2013 and 2016Outlook Web App