Phishing and Scams

Don't Get Hooked Poster

Phishing is a form of social engineering delivered by email or SMS text. Phishing messages appear to originate from a trusted source in order to trick you into entering valid credentials or to lure you into revealing your username, password and other personally identifiable information (PII).

The attacker can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.

Spear Phishing

Phishing Threats are Real and Everyone is a Target

Spear-phishing attempts are emails or texts that target specific people and organizations. The hackers and spammers attempt to learn information about you so that texts or emails seem to come from somebody you know, whether it be a friend or a familiar business. Spear phishing isn't as common as general phishing because the messages are much more time consuming to make, but spear-phishing attempts are often much harder to detect because they are addressed directly to you, seem to come from a trusted person, and can often bypass traditional security defenses.

Spammers who send spear phishing emails or texts often use social media sites to learn as much about you as they can. If your information is made public, spammers can look through your recent posts and friends list. Make sure you keep your information private and don't accept friend requests from people that you don't know. If you receive a suspicious email or text from a friend requesting personal information, you can always contact the person in a different way to confirm the email or text is legitimate.

Other Types of Phishing

When people refer to phishing, they most commonly mean phishing attempts that come over email; however, there are a few other types of phishing:

  • Smishing - Phishing attempts that come only by SMS (text) messaging. Cell phone users receive a text that usually contains a link or phone number which will then attempt to get personal information from you. Criminals may even send these pretending to be a bank or cell phone carrier.
  • Vishing - Phishing attempts that come over phone calls. A few years ago scammers posed as Microsoft support technicians and called consumers, informing them that they needed access to their computer to help remove a "virus" (in actuality, it is more likely that they were installing some sort of malware). Scammers may also use caller ID spoofing technology to display a false name or number on your phone.

PHISHING TIPS:

  • Move your mouse over links in emails and it may show a different address than the one displayed.
  • Go to links yourself, rather than clicking on links in emails.
  • Don't respond to emails that appear to be official, but come from unofficial email addresses.
  • Check for slight misspellings in the URL, company name, etc. For example, paypa1.com instead of paypal.com.
  • Use additional software - Many browsers have add-ons/extensions/plug-ins that can help detect phishing sites.
  • Be wary of anything that gives a sense of urgency, or states that it requires immediate action.
  • Don't click anywhere in suspicious e-mails—even in what may appear to be white space.
  • Be wary of too-good-to-be-true offers such as free airline tickets or vacation.
  • Don’t open attachments in unexpected or suspicious e-mails or instant messages.
  • Don’t send passwords, bank account numbers, or other private information in an email.
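
The first and fourth tips above (a link whose real address differs from the one displayed, and a look-alike spelling such as paypa1.com) can also be checked automatically. The following is an added example, not part of the original page: the TRUSTED list, the digit-for-letter table and the sample message are constructed for illustration, and the domain comparison is deliberately naive (last two labels only).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

TRUSTED = {"paypal.com", "kent.edu"}           # assumed allow-list for this demo
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
URL_TEXT = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

def host_of(url):
    """Lowercase hostname of a URL (scheme optional), or '' if none."""
    return urlsplit(url if "://" in url else "http://" + url).hostname or ""

def registered(host):
    """Naive registered domain: last two labels (no public-suffix handling)."""
    return ".".join(host.split(".")[-2:])

class LinkAudit(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return findings as (kind, shown_or_found, actual_or_imitated) tuples."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registered(host_of(href))
        if URL_TEXT.match(text):               # visible text is itself a URL
            shown = registered(host_of(text))
            if shown != target:                # what "hovering" would reveal
                findings.append(("mismatch", shown, target))
        normalized = target.translate(HOMOGLYPHS)
        if target not in TRUSTED and normalized in TRUSTED:
            findings.append(("lookalike", target, normalized))
    return findings

# Constructed sample message body, not a real email.
SAMPLE = ('<p>Account locked: <a href="http://paypa1.com/login">'
          'https://www.paypal.com/login</a></p>'
          '<p><a href="https://www.kent.edu/is">Information Services</a></p>')
```
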

Note that KSU does not delete @kent.edu accounts and will NEVER ask for your password through e-mail.

Have I Been the Victim of a Phishing Scam?

If you believe that you have been the victim of a phishing scam, change your password immediately and report it to phish@kent.edu or submit a support ticket. Also, don't forget to check out this website for tips on how to keep your accounts safe. If you are using Gmail, you can also end all other active sessions. This should stop any unauthorized access to your account.

What Are Scams?

Scams come in many forms and are a type of social engineering used either to obtain your personally identifiable information (PII) or to steal your money. They are getting more and more sophisticated, particularly when it comes to targeting you online and through mobile devices. It’s important to know how to recognise a scam so you can protect yourself from fraudsters.

Note that KSU does not delete @kent.edu accounts and will NEVER ask for your password through e-mail, so be wary of anything that says otherwise.

Please report any scams you receive to Phish@kent.edu.

How To Detect a Scam?

  • Scammers pretend to be from organizations you know
  • They pretend that you won a prize or that there is a problem
  • Scam calls will usually pressure you to act immediately
  • If it sounds too good to be true, then it probably is
  • Scammers will tell you to pay in a specific way

Steps To Avoid Scams

  • Don’t give out any personal information 
  • Resist pressure
  • Block unwanted calls or messages
  • Don't click on any pictures, links, or white spaces in a suspicious email
  • Stop and talk to someone before taking action or giving out any information

Please refer to the Federal Trade Commission (FTC) site to read more about common scams and how to report them. 

Current Ongoing Scam Methods... 

One of the most used scams during this time is extortion: an attempt to get money through force, threats, or blackmail. Most of the time, the blackmailer tries to convince the recipient that they have accessed some of the recipient's private information, such as passwords or photos/videos, and that they are willing to send it to the recipient's contacts or publish it online, when in reality they are just trying to get the recipient to comply with their request for money. Usually, the extortionist will include a bitcoin wallet address in the email and ask for a transfer to that wallet address. If you receive an extortion email, make sure to do the following:

  • If the email contains passwords, change the password for any account that has a similar password 
  • NEVER comply with any requests in the email
  • Report the email to Phish@kent.edu 
  • If you have been a true victim of extortion/sextortion, you can file a complaint with the Internet Crime Complaint Center (IC3)

To read more about this topic, please visit the FBI's Scams and Safety page for more information. 

When you are a victim of a phishing scam, it's common practice for the hackers to change your signatures, forwards, filters, and other settings.

  • A signature for an email is text that is automatically inserted at the end of an email. It is usually something you choose to set up. Make sure an unfamiliar one has not been set up.
  • Forwards can be set up to automatically forward your mail to another email address. Make sure your mail is not being forwarded to an unknown address without your permission.
  • Inbox rules/filters can be used to automatically sort or delete anything in your inbox, sent box, etc. Scammers can use them to redirect or hide their messages.
  • Check all of the folders in your email account. Sometimes the malicious actor creates a new folder to store messages they send or receive, or puts them into the Trash, when using your account to perform scams.

Learn how to check for these changes in the following clients:

  • Gmail
  • Outlook 2013 and 2016
  • Outlook Web App