Phishing and Scams

Spear Phishing  is a form of Social Engineering, and it casts out emails to a targeted group.  It targets specific individuals/group this way the attackers can customize their communications and make them appear more authentic. They will often have some inside information on their targets, by either social engineering, or researching through websites, social sites etc...  They might already know your name, or your hometown, your bank, or your place of employment and this information is easily accessed via social media profiles and postings. Then they send e-mail that looks like the real thing to you, offering all kinds of reasons why they need your personal data. That bit of personalized information they have adds a lot of credibility to the email.  Spear phishing works because they're believable.

In these campaigns, attackers target an individual or a group of people holding a high degree of authority within an organization, such as managers or executives.

They make it sound urgent and legitimate and give you enough information to look like they are real.  They will ask you to click on a link inside the email and it will take you to a phony website that might look real and have you provide passwords, account numbers. user IDs etc...

Spear phishing is a simple, yet targeted and dangerous email based cyber-attack. Unlike normal phishing methods which require zero research by the attacker, spear phishers usually do their homework beforehand: the victim’s social media accounts, their position within the company, who they might work with, even other private data like home address or telephone number which could come from previous phishing attempts. Spear phishing is often used in attacks with high-profile targets, such as CEO fraud, or business email compromise.

You have probably seen a spear phishing email before (see examples below):

• Could you please log into your file sharing account and review the following document, proposal, file etc...
• We noticed an issue with your social media account.  Follow the attached instructions to fix the issues as soon as possible.
• There's been unauthorized activity on your bank account. Click here to log in and fix the problem.

Whaling

Whaling is a higher form of a Spear phishing attack where attackers send a message that appears to be from a chief executive officer, the chief financial officer or another C-suite executive.   The attackers will research their targeted individual, collecting personal information from online profiles, social media accounts etc...

The email the attacker creates what will look identical to an email from a legitimate business/university, making it difficult to spot as a "phish".  These whaling email messages will typically ask recipients to make wire transfers to vendors who turn out to be fraudulent, to reveal sensitive business information or employee data that hackers can use to steal identities, gain access to business systems, or visit a spoofed website or even send payroll files to a spoofed email address.  If you visit the spoofed website, or it may even ask you to enter sensitive information like passwords, bank account numbers, or Social Security Number.

How do you recognize a whaling email?

• Request for a transfer of funds or sensitive information.
• Urgent or threatening tones that is intended to make you act quickly and not take time to talk to anyone about it or double-check for information about it.
• The senders email address in a whaling email may have the person's name on it but the email address itself will be slightly altered to look real.
• For example, an email from [your boss's name].Kent.edu@gmail.com

If you suspect you have received a whaling attack, spear phishing or phishing email - you should report it immediately to phish@kent.edu!

Business Email Compromise (BEC)

Phishing that involves a business email compromise exploits the fact that so many people use and rely on email to conduct business both personally and professionally. It is a sophisticated kind of phishing attack that involves the "attacker" using spear phishing to gain access to high level executive and CEO accounts, which they then can use to request fraudulent invoices from employees etc.

In a BEC scam, scammer sends an email message that appears to come from a known source making a legitimate request.  Examples would be: 

• A "vendor" emails you and sends an invoice with an updated mailing address.
• Your "Boss" emails and asks you to purchase dozens of gift cards for them, because they are tied up in a meeting and cannot use the phone.

How do you protect yourself?

• Be careful with what information you share online or on social media.  Such as family members names, birthdays, pet names schools attended etc...
• Don't click on anything in an unsolicited email or text message asking you to update or verify account information.
• CAREFULLY EXAMINE your email addresses, URL, and spelling used in any correspondence you receive.
• Be super wary if the requestor is pressing you to make urgent decisions quickly.
• Verify verify verify purchase requests or payments by calling the person or company directly to make sure it is legitimate.

Spoofing

Email Spoofing is the creation of email messages with a forged sender address. In other words, the scammer/phisher disguises an email address, sender name, phone number or website URL to convince you that you are interacting with a trusted source.

STOP and look at the email address closely before you reply; if it's suspect, report it.  Spoofing attacks use email addresses, sender names, phone numbers, or website URLs that are disguised as a trusted source.  Cybercriminals want you to believe these spoofed communications are real to lead you to download malicious software, send money, gift cards or disclose personal, financial, or other sensitive information.

You can learn more about how cybercriminals use spoofing in their scams here.

Scammers are always trying to create new tactics to use against their targets. A recent phishing scam that has targeted Kent State University is the financial aid phish. This scam claims that you have unclaimed financial aid or refunds, but you won't receive the money until you verify some of your sensitive personal information. In this article, you will learn how this scam works, how to recognize it, and what to do if you encounter one.

How Does This Scam Work?

There are several variants of this scam, but they all follow a similar pattern. The scammer will first send you a phishing email, often from a generic email address, such as a Gmail address. The email will claim to originate from Kent State or one of the services used for student banking, such as BankMobile. There will be a message, either in the body of the email or attached as a document (Word document, PDF file, TXT file, etc). The message's wording will be different between scams, but will usually claim that you must claim your funds quickly by clicking a link or calling a phone number to verify your information.

Once you click this link or call the number, you will be asked for a great deal of sensitive information. This can include your full name, your personal email addresses and phone numbers, your FlashLine and BankMobile passwords, and even your social security number. If you provide your contact information, you may also be contacted by the scammer, who will ask you for additional information and details about any multi-factor authentication (MFA) that you have set up on your accounts.

If the attacker is able to obtain this information from you, they can gain access to your FlashLine and BankMobile accounts. They will be able to see any banking information that you have stored there, including account numbers. They can use this to withdraw money from your accounts. Furthermore, with your name, age, and social security number, there is a strong chance that they will attempt to steal your identity. Attackers can use your identity to make purchases and open lines of credit in your name.

How Can I Recognize This Scam?

This is a very dangerous scam that can lead to theft of your funds and identity. Therefore, it is important to know the signs of this scam, its red flags, and how to detect them. The most common red flags in these scams are as follows:

• Unusual sender: If you receive an email asking you to provide information regarding your university-related finances, check the sender's email address. Kent State University, BankMobile, banks, and other legitimate organizations and financial services will send emails using addresses that they own, not a personal email address like a Gmail or Outlook address.
   
• Asked to click a link: Does this email ask you to click a link? Before you do, hover over the link to see where it really leads. This scam will often ask you to click a link, which will lead to a webpage that asks for your information. If you hover over the link and see that it leads to an unfamiliar website, or somewhere different than where the message claims it leads, do not click the link.
   
• Odd formatting: Was the email sent to you with nothing in its body? Does it have strange wording or mispellings? Does it contain an oddly-named attachment and lack any branding or logos? Poor formatting and misspellings are red flags that indicate the message was not sent from a legitimate and trustworthy source.
   
• Asked for sensitive information: Does the email ask you for your account's credentials, such as passwords or MFA information? Are you told to supply your social security number, date of birth, and other personal information? Legitimate companies will never ask for your password, which includes Kent State. Never provide your password to any email, text, or document that asks for it. Also, do not provide sensitive personal information to untrusted sources. If you cannot verify that you are sending information through a secure service (such as a company's official website) or talking with a legitimate representative of that company, do not send any information.

The screenshots below shows a real example of a financial aid phishing email that was sent to a member of the Kent State University community. Can you spot all of the red flags in this message and its attached file?

What Should I Do If I Get This Scam?

The best thing for you to do when you get this scam is to report it! Forward the email you received to phish@kent.edu so that our team can remove the message from the mail system. This helps protect anyone else who may have received the email from falling victim to the scam. You can also report the scam to the companies that the email was trying to impersonate, such as BankMobile or your bank. You can read more ways to report phishing emails here.

If the scammer tried to contact you with a text message, you can block their phone number and report the message to your cellular service provider.

Once you have reported the scam, it is best to simply delete the email or text without responding to it.

I Fell Victim to This Scam

If you believe you may have fallen victim to this scam, you will need to contact Kent State University's security team immediately at security@kent.edu or 330-672-5566. If you provided any information about your accounts with your bank or another financial service, you will need to contact your bank and the other financial services involved as soon as possible.

You can read more details about recovering from a scam and securing your accounts here.

A frequently-reported scam targeting Kent State is the job offer scam. In this scam, a very tempting job is offered to you in exchange for your account's password or your personal information. The FTC reported that, in 2024, over $500 million was lost to scams of this nature. This type of scam has also recently increased in popularity in the United States amidst a rapidly-changing job market. Read on to learn how this scam works, what the attackers are after, and how to avoid falling victim to the scammers!

How It Works

You will receive an email from one of several possible sources: a spoofed address, a compromised account from a charity group, or a compromised KSU email. All three options may be used by the scammer to make themselves seem reputable. The subject will encourage you to read the job offer inside, sometimes specifying that it is for students or staff, depending on which group the attacker wants to target.

This email will contain a job offer that claims you can work only one or two hours per day and will receive hundreds of dollars in return. Most scams will also offer a remote option. The scammer will then ask you to click a link that takes you to an application form. This form may ask for information such as your name, address, bank account information, and even your password.

Note: with the use of multi-factor authentication (MFA), your account may remain under your control. You can read more about MFA and its benefits here!

The Scam

Another variant of this scam occurs when the scammer asks for your financial information. Here, the scammer will claim that you have been hired and asks you to make a purchase or charitable donation on their behalf, trying to appeal to your emotions. Alternatively, you may be asked to send money for training or equipment fees. They will promise that the wages you receive from them will be enough to reimburse you. However, if you make the purchase or donation, you will actually be sending money to an account controlled by the scammer.

The scammer may eventually send you a check for your wages, though this check will be fraudulent. Within a few days at most, your bank will recognize the illegitimacy of the check. Ultimately, you will receive no payment from the scammer and will have lost a large sum of your own money. In general, a job is likely fraudulent if you are required to make a money transfer prior to starting work.

Naturally, this scam can also spread through social media. The scammer will send messages to individuals or groups online and offer their job. If you begin messaging this scammer privately, they will begin asking you for personal information or request that you install another messaging app onto your device. If an unfamiliar individual online tries to offer you a job without proving their identity, report and block them immediately.

What Should I Do?

If you are searching for a job, it is best to use well-established job boards or platforms during your search. Such platforms include (but are not limited to) LinkedIn and Indeed. If you are looking for a position at a specific organization, use that company's career pages on their official website. Do not trust unsolicited job offers, and ensure that you are verifying every opportunity that you encounter during your search.

If you have given your FlashLine password to the scammer, change your password immediately. You can also configure your account with MFA to make sure that even if your password is in the hands of an attacker, your account may remain secure.

If you find that you are unable to access your account with your current password, this indicates that the scammer has gained access to your account and changed your password. In this case, you will need to contact the Security team at security@kent.edu or 330-672-5566.

If you receive one of these scams in your inbox, report it to phish@kent.edu or follow the instructions on our Report Phishing page!

Examples

This email comes from a compromised Kent State University email address. This means that the Subject line will not say EXT: (which means the email is from an external address), and you will not receive a warning at the bottom of the email to not click any links. This message describes a job that is too good to be true, then offers a link for you to click. In this instance, the link led to a Google Form that asked for your username and password.

This email contains an attachment that claims to represent UNICEF. However, the sender's email does not belong to UNICEF or any charity organization. NOTE: NEVER open attachments from an unknown or untrustworthy source. Report the email with the attachment to phish@kent.edu.

Additional Information

FTC article on scams initiated on social media can be read here. You can also report these scams to the FTC if you encounter them.

UNICEF's statement on scams that impersonate their organization can be read here.

Is that QR safe?

QR codes have been around for a long time, but we've seen them become more useful now as an easy way to share links and websites with each other. Cyber-attacks using QR codes can occur both through email and in the real world.

What is a QR code?

The “QR” in QR code stands for “Quick Response.” It is a type of bar code that uses a series of squares instead of vertical lines. They are useful for quickly sharing information – especially links to web pages.

You can try it by viewing this page on a desktop or laptop and using your phone's camera app to scan the code.

How to scan a QR code on Android
How to scan a QR code on iOS (iPhone)

Please take note of the process for your specific device. Whenever you scan a QR code, pay special attention to the contents of the code before you visit the link.

Remember that QR codes are simply ways to store text in the form of squares instead of regular letters. They are most commonly used for sharing web links. The QR code here simply translates to “Hello there!” and does not contain an internet link.

How malicious QR codes are spread

These days, cyber criminals use QR codes to abuse the convenience they provide.

It is most common to see QR codes with bad links sent through email. The attackers count on your curiosity and short-term reaction to seeing a QR code. The intention is for you to scan the code as it is displayed on your computer screen and visit the malicious website on your phone. This tactic is used to bypass mail filters that may block messages containing dangerous links. From here, the attackers will either try to trick you into signing into a fake login page, or the QR code will be set up to attempt to automatically install malware on your device.

Malicious QR codes can be spread in the physical world too. Always be cautious when scanning QR codes when you’re out and about.

QR codes in phishing emails

Scammers have been known to incorporate QR codes in their phishing attempts. They do this because it allows them to bypass mail filters that would otherwise block emails that contain malicious URLs.

This may come in the form of an email from your bank saying that one of your payments has failed, and you need to download or update their app to resolve the issue. Scammers have also tried the familiar “password expired” and “mailbox full” phishing attempts, but with QR codes. Instead of “Click HERE to sign in,” you may see “Scan this code to sign in.”

How to avoid malicious QR codes

The best way to protect yourself is to understand and treat QR codes just like you would treat an unknown or unfamiliar web link. Get familiar with the way that your device handles QR scanning. Feel free to practice on the codes on this webpage! If you are able to, check the contents of the code before you visit the website. This is the equivalent of hovering over a link with your cursor to check its contents before you click.

Tips to stay safe

• Check the URL before you visit the site
• Always be cautious when providing information to a site you navigated to from a QR code
• Do not download an app from a QR code unless you can verify that it came from your phone’s official app store
• It is safest to use your phone’s built-in QR code scanner instead of unofficial ones
• Always be cautious of requests for payment demanded to be completed through a QR code

Example

Below is an example of a phishing email that uses a QR code to hide its malicious link. Take notice of the sender's email address and the repeated threats of imminent account deletion used in the message. These are two red flags that suggest that the email is a phish.

Smishing is a form of social engineering that exploits SMS, or text, messages. Attackers send text messages claiming to come from legitimate services. These fake text messages can contain links to dangerous webpages, email addresses, or phone numbers.

Just like in email phishing attacks, cyber criminals often play on your emotions to get you to act by creating a sense of urgency or curiosity. They do this by saying you have won a prize, or that you have to “immediately” respond to or else something "bad" happens. This is all an attempt to convince you to provide sensitive information quickly, without realizing it is a scam.

(Click to enlarge)

Spotting and Stopping Messaging Attacks

Here are some questions to ask yourself to spot the most common smishing attacks:

1. Does the message create a sense of urgency, attempting to pressure you into taking action?
2. Is the message taking you to websites that ask for sensitive information, such as a password or your financial details?
3. Does the message sound too good to be true? Think of the iPhone reward example.
4. Does the linked website or service force you to pay using non-standard methods such as Bitcoin, gift cards, or Western Union transfers?
5. Does the message ask you for the multi-factor authentication code that was sent to your phone or generated by your banking app?
6. Does the message look like the equivalent of a “wrong number?” If so, do not respond to it or attempt to contact the sender; just delete it.

Remember:

If you get a message from an official organization that alarms you, call the organization back directly. Don’t use the phone number included in the message, use a trusted phone number instead. Such a number could be found on official documents from that company, or on their website's contact page.

Also remember that most government agencies, such as tax or law enforcement agencies, will never contact you via text message; they will only contact you by physical mail.

How Can I Report a Smishing Attempt?

There are many ways to report smishing attempts, though they depend on which device, app, and service provider you are using. Please visit our Report Phishing page for more information.

Vishing is a phone-based phishing scam aimed at stealing your personal and financial information or gaining access to your devices. Unlike smishing, vishing is done through a phone call where you can hear the scammer's voice, hence the “v” in vishing.

The scammer has two advantages when using a phone to send scams. First, there are fewer security technologies that can detect and stop a phone call attack. Also, voice calls make it much easier for criminals to convey emotion and build trust than by using text.

(Click to enlarge)

Spotting and Stopping Vishing Attacks

The cyber-criminal will often create a sense of urgency to convince you to divulge sensitive information. Keep in mind that cyber-criminals may also use caller ID spoofing, which is a technology to display a false name or number on your phone when they call. They may leave a recorded message in your voicemail or contact you through text and leave you a number that you use to call them back.

During the scam, attackers will use social engineering techniques—like saying you’ve won a prize or there’s a suspicious activity detected in your account—to catch you off-guard and persuade you to disclose sensitive or personal information.

Some of the most common examples include:

• The caller pretends they are from the government and informs you that you have unpaid taxes. If you don’t pay your taxes right away, you will go to jail. The scammer pressure you to pay your “taxes” with your credit card over the phone. This is a scam. The government will send official tax notifications only by regular mail.
   
• The caller pretends to be from a company such as Amazon, Apple, or Microsoft and explains that your computer is infected. They will then pressure you into installing software that gives them remote access to your computer.
   
• An automated voicemail informs you that your bank account or credit card has been canceled, and you have to call a number back to reactivate it. When you call, you get an automated system that asks you to confirm your identity by providing personal information. The scammers are now recording all your information to use it in a case of identity fraud in the future.

How Can I Protect Myself from Vishing Attacks?

The greatest defense you have against a vishing attack is yourself. Scams and attacks over the phone are on the rise. You are the best line of defense when it comes to detecting and stopping them.

There are many ways to report smishing attempts, though they depend on which device, app, and service provider you are using. Please visit our Report Phishing page for more information.

Ready to Retire?

Staff and faculty members who are approaching the age of retirement may begin to receive emails from companies that offer retirement planning services. But are these companies all that they claim to be? In this article, you will learn how to recognize retirement planning services with poor reputations, as well as how to avoid them and which services to use as an alternative.

How Can I Tell if it is Real?

When you receive an email offering a retirement planning service, there are a few things you can do to ensure you are dealing with a legitimate business. First, try searching online for the business's name. Is the company an approved vendor by Kent State's Employee Benefits team? Have customers reported positive experiences with the company online? Has the Better Business Bureau reviewed this company? If the answer to some of these questions is “no,” the company may be a disreputable service.

If the company seems untrustworthy, it is best to block the sender's email address. If you have any doubts about this process or think the email may be a phishing attempt, feel free to reach out to phish@kent.edu.

Examples of retirement planning spam emails are given at the bottom of this page. Sections of each are highlighted to show you what to check when reviewing a retirement planning email.

Note: Even though these companies are not approved vendors and may be somewhat disreputable, most retirement planning emails are considered spam since they come from legitimate businesses and are not attempting to initiate a scam.

Alternatives

If you are interested in planning for retirement, we will again recommend that you consult the Kent State Employee Benefits team's list of university-approved retirement planning service vendors. You can view this list here or contact benefits@kent.edu for more information.

Examples

(Click to enlarge)

The sender's email address belongs to a legitimate business, and the links in this email lead to this business's site. Note that the message specifies that the representatives are not affiliated with KSU. It is best to not click the unsubscribe link; simply block the sender's email address instead.

(Click to enlarge)

This email also contains a legitimate sender address and links, and informs you that the agency is not affiliated with KSU. The information in this email is often publicly available on Kent State's website (your name, position, etc.), so this email does not contain any sensitive personal information.

What Does EXT: Mean?

You may have received emails that contain a brief prefix in their subject line. The subject will begin with “EXT:” and then proceed normally. This prefix indicates that you have received an external email. An email is considered external when it originates from an email address that does not fall within the Kent State University organization.

Internal email addresses, most commonly those that end in @kent.edu, will not contain the EXT: prefix, which indicates that they do originate from within Kent State. The difference between external and internal emails can be seen below.
 

Internal Email

In the example above, an email address within Kent State's organization sent an email to another address in our organization. Since the sending email address is recognized as internal, the message's subject line does not contain an EXT: prefix.
 

External Email

In this example, the email was sent from a personal Gmail address. Since the @gmail.com domain is not considered to be within Kent State's organization, our mail system considers it external. In the subject line, the EXT: prefix is added to reflect this.

This email is also noteworthy because it is a phishing attempt. This was sent from a Gmail address controlled by a scammer, who was attempting to impersonate a dean and faculty member. You can learn more about impersonation scams on this page!
 

External Emails and Phishing

While the EXT: prefix in an email's subject does mean you should treat it with caution, it does not necessarily mean that the email is dangerous. Every email that originates from outside of Kent State University is not malicious. Instead, you should check a few aspects of the email before you interact with it:

• Does the sender's email address look unfamiliar to you?
• Do the contents of the email seem unusual? For example, are you being strongly urged to click a link, open an attachment, or respond with personal information?
• Is this email unexpected or unsolicited?

If your answer to any of these questions is “yes,” then we recommend that you forward the email to phish@kent.edu. This will allow our team to analyze the email, let you know if it is safe or dangerous, and remove it from the mail system if it poses a threat.

On the other hand, an internal email can still be malicious. Throughout the summer months of 2024, Kent State was targeted in a phishing attack that resulted in several accounts being compromised. When the attackers gained control of these accounts, they began using them to send out more phishing messages. This meant that phishing emails were being sent from a @kent.edu email address, leading many to believe that the scammer's message was legitimate. An example phishing email sent during this incident can be seen below:

Conclusion

Emails containing an EXT: prefix in their subject line originate from outside of Kent State. While this doesn't immediately indicate that the email is spam or a phishing attempt, it is a good idea to treat external emails with caution. Remember to ask yourself if the email's sender is unfamiliar, if the message contains unusual content, and if the email itself was unexpected. Doing so is another way to help keep yourself safe online!

One of the most common tactics used by scammers in their phishing emails is to insert a malicious link into their email. These links can be disguised in various ways to seem legitimate, and may even lead to a trustworthy platform that is being used to host dangerous content. In this article, you will learn how to identify malicious links and why clicking them can be dangerous.

(Click to enlarge)

Identifying Malicious Links

Whenever you receive an email containing a link that you are urged to interact with, there are a few things you can do before you click. First, on many mail clients, you can hover your mouse cursor over the link that you are being asked to click. If you are using a mobile device, you may be able to hold your finger on the suspicious link, and the true link will be shown on-screen or copied to your clipboard. NOTE: This functionality is not available on all phones, so check that your device can do this before you attempt it.

You can try this now! Hover over each link below:
https://www.kent.edu/
https://www.kent.edu/

The top link does lead to Kent State's homepage, but the bottom link takes you somewhere completely different: Google's homepage. A scammer can use this tactic to embed a link within certain text that makes it seem like you are clicking a link leading to a trustworthy page. In reality, you will be directed to wherever the scammer wants you to go to continue their attack.

You can also determine if a link is dangerous by using the context of the email. For example, if you receive an email from a sender you don't recognize, claiming that you have won a free cell phone and can claim your prize by clicking a link, this is a good sign that the email is a phish and the link is dangerous. You can read more tips about how to spot a phishing email here!

Malicious links can start with HTTPS or HTTP. A link starting with HTTPS does contain more security features than a link using HTTP, but this does not mean that an HTTPS link can't contain dangerous content. HTTPS only ensures that the information you enter into a website is encrypted in transit, and does nothing to guarantee that the website you are on is safe and legitimate. However, it is important to remember that any time you are entering sensitive information into a website, it should be using HTTPS.
 

What Happens When You Click a Malicious Link?

A malicious link can contain a variety of different contents, though all are dangerous in one way or another. The simple act of clicking a link can immediately install malware onto your system. Malware is malicious software that can wreak havoc on your device and result in compromised accounts or stolen personal information.

In some cases, this malware can gain access to whichever network you are connected to, as well as your contacts. It can use this network connection and/or contact list to spread itself through your organization. This poses a threat to not only you and your account, but to many other people in your organization.

Malicious links can also track who clicked them. This means that the scammer is now aware that your email address is being actively monitored by a human. Picture this scenario: you click a link that leads to a fake login page. You recognize that this page is fake and immediately close it without entering your credentials. Does this mean you are safe? Not entirely. Unbeknownst to you, the link you clicked contained a click tracker that can associate your click with your email address, location, or other information about you and your device. All of this data is now in the hands of the scammer, who may use it in future attacks on you.
 

What Do I Do if I Find a Malicious Link?

If you find a link that you believe to be malicious, or even if you aren't quite sure, do not click this link! It is safest to report the email or message containing the link to phish@kent.edu. Our team will analyze this link and let you know where it leads, as well as whether or not it is malicious. If the link is dangerous and was sent to you in an email, our team can remove this phishing email from our mail system.

File sharing phishing emails are very common. This scam utilizes services such as Google Drive or Microsoft OneDrive to share a file with you. This file will have an important-sounding name, often involving payroll or employee benefits. The scammer will also use an account with an email address that sounds as if it might belong to the university's payroll team, HR department, and other administrative offices. The goal is to get you to click the link and open the file, then complete the tasks within. Read on to learn what these phishing emails look like, what is contained within the shared file, and how to avoid falling prey to one of these attacks!

(Click to enlarge)

The Structure of the Email

File sharing emails can be especially tricky to recognize because they are often sent by a legitimate email address. When a file is shared through email using a Google or Microsoft service, the sender's email address is a generic no-reply address, not the email address associated with the account sharing the file.

Sometimes, the sender may be a compromised account. In this case, the message will come from a trusted account and will be difficult to recognize as a phish. However, there are a few things you can look for. Was the file shared at an unusual time? Were you expecting a file from this individual? Does it relate to your work in any way? If anything about the file seems suspicious, it may be malicious.

The email should contain the name of the file that has been shared with you. What does the title say? If it claims to be full of payroll or benefits information, were you expecting such a message? Were you contacted by the relevant department or organization before receiving this email?

Another important red flag in these phish is the account sending the file. Although the account may have the name of your supervisor or a trusted department, be sure to check the account's email address before clicking the link. Sometimes, the sender may be a compromised account. In this case, the message will come from a trusted @kent.edu account and will be difficult to recognize as a phish. However, there are a few things you can look for. Was the file shared at an unusual time? Were you expecting a file from this individual? Does it relate to your work in any way? If anything about the file seems suspicious, it may be malicious.

If you have any doubts about the email's authenticity, we are here to help! Forward the message to phish@kent.edu. We will respond with an analysis of the email and our recommended next steps for you to take.

What's Inside the File?

This scam is a bit more complex than most. The link to the file shared with you by the scammer may not be malicious, though you still should never risk clicking on a dangerous link. If the link is safe, it will lead to a Google Doc or Microsoft Word document with a message for you. This message may ask for your credentials, personal information, or banking information, and will contain another link or a QR code. This link contains the true danger.

The malicious link in the form (or QR code) will take you to a webpage set up by the scammer. This site may download malware onto your device as soon as you click its link. The site may also display a form or a fraudulent login screen that requests your information or credentials. Once this information is entered and submitted, it is sent directly to the scammer.

What if it's from DocuSign?

A variant of this scam features an email that appears to come from DocuSign, sent on behalf of a university office. These emails often contain malicious links or QR codes that lead directly to the malicious site.

These emails are easier to recognize as scams for one reason: Kent State no longer uses DocuSign for electronic signatures. If you receive an email from an individual claiming to represent a university office or department that asks you to use DocuSign, report the email to phish@kent.edu right away.

What Should I Do?

If you suspect your device has become infected with malware, disconnect it from the university's network and take it to the Tri-Towers Help Desk for inspection. Students and faculty should also reach out to the local support for their department.

If you fell victim to this scam, you will need to change your password immediately by logging into FlashLine, clicking “Settings,” clicking “Update Password,” and entering your current and new passwords when prompted.

If you provided your banking information to the scammer, you will need to contact your bank immediately and tell them all the information that the scammer now has access to.

The email itself can be reported to phish@kent.edu. You can find more information on how to report phishing emails here!

In today's digital age, scams and phishing attempts have become increasingly sophisticated and prevalent. Cybercriminals are quick to adapt their tactics to lure unsuspecting victims into their traps, and one common ruse is impersonating trusted courier services such as the USPS, UPS, FedEx and DHL. These scams are usually executed through text messages or emails, and it's essential to be aware of the red flags and know how to protect yourself.

How it works

Scammers will often use text messages and emails to impersonate services such as the USPS, UPS FedEx and DHL. They may claim that there is missing information for one of your deliveries, or that there is some kind of postage-related issue. These messages can appear surprisingly convincing, complete with official-looking logos and branding.

Remember - you should never receive postage notifications unless you signed up for them. Legitimate postage services will typically only send you messages if you have an account with them and have requested notifications regarding package deliveries or updates. Be wary of any unsolicited messages claiming to be from these services.

Another glaring sign of this scam is a request for your personal information or payment information. Legitimate companies will never ask you to confirm or provide sensitive information such as your SSN, financial details or account credentials over the phone or through email. If a message you received is asking you for this, it is a clear sign of phishing.

Quick Tips

The best course of action to take when you see a phishing message or scam is to report and delete.

How to avoid:

• If you see an unsolicited message in your messaging app with a suspicious link, report it and delete.
• If you have an issue with a delivery, you should reach out to the company directly.
• A legitimate company will never ask you to confirm your information over text message.

If you see a courier scam in your Kent State email account, you can report it to us by forwarding the message to phish@kent.edu.

If you receive a text message that is a scam you can report it:

• Many cellular service providers recommend forwarding the text to 7726 (SPAM).
• Visit the FTC's web page on reporting scams.
• If available, use the “report message” feature in your messaging app.

Example

In this example, the scammer is attempting to impersonate the United States Postal Service. They include a fraudulent link that leads to a known phishing website. This link was used to harvest personal information from those who visited it.

More Resources

US postal inspector's site on SMS scams can be read here.

UPS site on scams can be found here.

In this type of scam, scammers send deceptive emails that appear to be legitimate transaction confirmations from legitimate companies. In scams that target Kent State, the most commonly impersonated company on an invoice tends to be Geek Squad. However, any legitimate business can be impersonated in this scam. These emails typically include details about an immediate subscription renewal or an order that you have no knowledge of.

(Click to enlarge)

Scammers use fake invoice numbers, renewal dates, and other order details to make the email appear genuine. They also use similar logos and promotional banners to make the email look legitimate, ensuring their target believes them. Furthermore, the scammers will include a fake customer support number that they control and tell recipients to call it if they need assistance with their order.

How Does it Work?

As soon as the recipient calls the provided number, the scammers will claim that a transaction has occurred from the recipient's account. To deceive their victims, the scammers offer to cancel the transaction if you provide them with personal information or access to your computer. If they gain remote access to your personal computer, they may install spyware and steal your personal data and banking credentials.

It's crucial to note that legitimate employees should never ask for passwords over the phone. If you are asked for other sensitive information over the phone, such as your social security number, make sure that you are contacting a trustworthy number.

How to Avoid?

The best way to avoid falling victim to a fraudulent invoice scam is to avoid clicking on links and downloading attachments. If a support number is provided, remember to never call numbers that you aren't familiar with. Also, always remember to avoid sharing personal details with individuals that you don't recognize via email or any other medium.

If you have received an email supposedly from a legitimate business, but have concerns that it might be a scam, forward it to the phish team at phish@kent.edu. You can read more information about how to report an email here!

Examples

Below are some real examples of this email, in both email and PDF form.

This email contains an email address that does not belong to Geek Squad, a link that you can click on, a fraudulent customer support number that you are urged to call, and poor grammar. All of these red flags indicate that this is not a legitimate Geek Squad invoice.

This PDF contains the fraudulent customer support number in three different places. This also shows that your payment will be made to an account registered under a generic Gmail address, which would never be used for real Geek Squad payments.

Phishing attempts are often after your personal information. This is typically in order to more easily commit other crimes, or to engage in fraud against you. Scammers will come up with elaborate strategies in order to steal money or financial information from you.

Tutoring Scam

The tutoring scam will often target professors and graduate students who teach math or music. The scam will often begin by asking for available times and a price. Usually, the scammer will say that their son/daughter is in the 7th or 8th grade and needs tutoring for algebra or a musical instrument.

Here's a real-world example of this scam that was sent to a graduate student:

If the scammer gets a reply, they will immediately ask for a price, and an address to send a check. Once that information is provided, they will come up with an elaborate story about how they accidentally sent a check for more money than you had agreed to. They will then ask you to cash it and then send the difference back.

The trick here is that the check that they send you in the mail is fradulent and will bounce. By this time, they expect that you had sent a check with your own money to make up for the difference in price. Your bank may even show that the money was deposited into your account.

Scams targeting international students

Unfortunately, scammers sometimes target international students at Kent State. The scammers will often make initial contact to the student by phone call, text message or email. They will claim to work for a US government agency such as the Social Security Administration (SSA), Internal Revenue Service (IRS), Federal Bureau of Investigation (FBI) or Immigration and Customs Enforcement (ICE). Caller ID information is often spoofed, meaning the victim may get a call with the caller ID appearing to be from a US government agency.

The scammers will threaten the victim with arrest, deportation, or heavy fines. They may claim that the victim has not filed some critical paperwork, that the victim's visa has expired, or that the victim's information has been fraudulently used. They may even claim that the victim has only a matter of hours to resolve the issue.

Please note: US government agencies will never contact you by phone call, text message or email.

The victim will be led to believe that they will need to pay money in order to clear up a filing error or renew some paperwork. Sometimes, scammers will even threaten the victim with arrest if a fine is not paid. They will ask for personal information and may even request banking details. In some versions of this scam, the victim may be asked to pay by purchasing gift cards.

Tech Support Scams 

Tech support scammers want you to believe you have a very serious problem with your computer, such as a major virus. You may receive a request either by a pop-up window, an email, or even possibly a phone call from "tech support" telling you that your machine is infected, and it needs to be fixed right away.  They will ask you for a payment to fix the defects or even remote access to your computer. Often, they will ask you to pay by wiring money, putting it on a gift card, prepaid card or cash reload card, or to send money using a money transfer app like Venmo or Cashapp.

One thing that sets these scams apart for ordinary phishing is that they are often harder to detect and more complicated. Being aware is the first step to help make sure that your information is secure, and that your money is not stolen. 

Remember: If you get a phone call you weren't expecting from a person who says there's a problem with your computer - Hang up!

Keep these things in mind to avoid a tech Support Scam:

1. Legitimate tech companies will not contact you by phone, email or text message to tell you there is a problem with your computer.
2. Security pop-up warnings from real tech companies will never ask you to call a phone number.

Pop-up Warnings

Tech support scammers may even try to lure you into their trap with a pop-up window that appears on your computer screen. It might look like an error message from your operating system or antivirus software, and it might use logos from trusted companies or websites. The message in the window warns of a security issue on your computer and tells you to call a phone number to get help. See example below:

​​​​​​​If you get this kind of pop-up window on your computer, do not call the number! 

If you think there may be a problem with your computer, you should update your computer's security software and use it to run a scan. If you need help fixing a problem, go to someone you know and trust. Many software companies offer support online or by phone. Stores that sell technical equipment will offer technical support in person. The most important thing is to reach out to someone who you trust.

Google Voice Scam

Scammers will target people who post things for sale on sites such as Craigslist and Facebook Marketplace. They will also target people who post online that they are looking for help finding their lost pet.

You may be contacted by someone who says that they want to buy something that you advertised for sale or that they found your lost pet. Once they have your attention, they will start to use social engineering on you. They will ask you to "verify" your identity before they commit to sending you money for a purchase or return your lost pet. The scammer may tell you that they have heard about fake online listings and want to verify that you really are the person you say you are.

They will tell you that the verification will happen over text message. You will then be sent a Google Voice verification code and, which the scammer will request you to send back to them. If you give them the verification code, they will use it to create a Google Voice number that is linked to your phone number. The Google Voice services provides a phone number that can be used to make calls or send text messages from a web browser or a mobile device. Now, a Google Voice account that is linked to your number can be used by the scammer to run other scams.