Â鶹ÊÓƵ

Protect Yourself

Know the Signs

Typically, scammers will employ the same few tactics to get you to hand over your information and/or money. Knowing what to look for when you see a suspicious email is one of the biggest steps you can take to avoid phishing attempts.

Scammers will typically do one (or more) of the following:

  1. Impersonate someone who you trust
  2. Urge you to act quickly and instill a sense of urgency
  3. Send you an email or text message that is completely unsolicited
  4. Tell you something too good to be true (ie. you won the lottery)

Remember - Not every phishing attempt will do one of the things listed above. If an email request or notification doesn't seem right, please report it!

Check it!

Most phishing attempts have the same thing in common - the scammer is pretending to be someone that they're really not. Cybercriminals are willing to impersonate anyone and anything to steal money or information (or both)! The first thing you should look for is the sender address. Ask yourself: "Who is really sending me this email?"

Take a look at these two sender addresses:

  1. From: Your Boss’s Name <YourBoss123@gmail.com>
  2. From: Your Boss’s Name <YourBoss@kent.edu>

Even though the name of each sender is the same (being that of your boss in this example), the email address itself is not. The first one is actually being sent from a Gmail address, and the second one is sent from a KSU email.

This tactic is a tell-tale sign of phishing. If you see an email that is doing this in your inbox - ignore it and report it.

Slow Down

Another tactic that scammers will often employ is trying to get you to act quickly without thinking. They typically do this by sending you an email pretending to be from your mail provider, bank, or supervisor. They may claim that there was a paperwork error, and you need to update your information "right away." Another common scam is when you get an email pretending to be from your email provider that claims that your mailbox storage is full or almost full. It will ask you to fill out a form to confirm your account, or to request more space.

This is a real email that was sent to a KSU employee:

A phishing email containing a malicious link.

You may also get an email pretending to be from your supervisor, making some request - sometimes for your cell number or even for money or gift cards. This is generally called a business email compromise (BEC). We have more information about this particular scam on this page!

Not all phish are the same

Usually, the first thing that comes to mind when we think of phishing is an email that asks you to click on a link. Even though this is still a common way that scammers carry out phishing attacks, they are also getting more creative.

In cases where the scammers aren't asking you to click a link, they most likely want a reply from you. By merely replying to a scammer's email, they will know that your email account is working, and that you actively monitor it. Often, in these instances, the scammers will ask you for something other than your username and password. They may ask you for your personal cell phone number, or will continue to message you in order to carry out a more complicated scam.

Report it!

In general, it is always a good idea to be suspicious of any unsolicited requests for your personal information. If you are not sure if an email or text message that you received is legitimate, please report it to us by forwarding it to phish@kent.edu. See our page on reporting phishing emails for more info.

School of Phish

The more you know, the better you'll be at "Fighting the Phish!"

Phishing quiz graphic.

Do you think you can you tell the difference between an innocent-looking email or if it's a phish? Can you spot the parts of a phish and/or know if it contains something malicious designed to steal your money, passwords, and personally identifiable information?

Take this online phishing quiz to test your knowledge and learn how to