Don't go phishing

If you’ve used e-mail for any length of time, you’ve likely encountered a phishing message. A phishing message can be defined as any message that attempts to entice or coerce you into giving up sensitive information to someone who should not have it. Phishing messages may ask for different types of data, but they all have a few consistent features:

  1. They will use scare tactics or threats to get you to reply before you’ve had a chance to think. “Your account will be suspended.” “We must determine your continued eligibility.” “If we do not hear back from you, all of your e-mail will be deleted.”
  2. They will “borrow” graphics, language, or names to look legitimate. Many phishing messages purport to come from the “KU Help Desk” or “E-Mail Team.” Some go to the trouble of downloading graphics from a legitimate business’ Web site and using formatting to look legitimate.
  3. They may use poor English. Savvy bad guys have begun using native English speakers to draft their messages.
  4. They will always ask for information the business already has. Your bank does not need to “validate” your account number. KU will never ask you to verify your eligibility for an e-mail account.
  5. Phishing messages won’t always occur over e-mail. They may arrive via text message, voicemail or even snail mail.

Phishing messages tend to ask for valuable bits of data like passwords, bank account numbers, Social Security Numbers or other types of sensitive data. If you receive a message asking for information, stop and think:

  1. Should this organization already have the information this message is requesting?
  2. Have I ever done business with this company?
  3. Am I expecting to hear from this company about my account?
  4. Does this feel “off” somehow?

Depending on your answers to those questions, it is probably best that you contact the organization in question. This may even mean that you hang up on a caller and say, “I will call you back. I want to double-check something.” Use a known-good phone number to verify the message. What is “known-good?” For your bank, it would be the number on the back of your credit card or a number printed on your statement. For the KU Customer Service Center, it is 864-8080. A “known-good” number is never a number left on an answering machine, sent in an e-mail or left on a mobile phone in a text message.

Sometimes, phishing messages ask you to reply with information in the body of an e-mail. Other times, they may ask you to click on a link and fill out a form with the requested information. Even if the link looks legitimate, do not click it. Remember: “When in doubt, type it out.”
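The indicators listed above (scare tactics, a request for data the organisation already holds, a "borrowed" sender name, and a link whose visible text does not match where it actually points) can be turned into a simple mail-filter check. The following is an added example, not code from the Be SeKUre article or from KU; the phrase lists, the `phish_indicators` function and the sample messages are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phrase lists based on the article's indicators; not exhaustive.
URGENCY = ["will be suspended", "continued eligibility", "will be deleted", "within 24 hours"]
SENSITIVE = ["password", "account number", "social security", "ssn", "pin"]
IMPERSONATED_NAMES = ["help desk", "e-mail team", "email team"]
HOST_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}", re.I)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(s):
    """Lower-cased host of a URL, or of a bare 'host/path' string."""
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()


def phish_indicators(from_name, from_addr, trusted_domain, body_html):
    """Return the article's indicators found in one message (empty list = none)."""
    text, hits = body_html.lower(), []
    if any(p in text for p in URGENCY):
        hits.append("urgency")
    if any(re.search(r"\b%s\b" % re.escape(p), text) for p in SENSITIVE):
        hits.append("asks-for-known-data")
    sender_dom = from_addr.rsplit("@", 1)[-1].lower()
    in_house = sender_dom == trusted_domain or sender_dom.endswith("." + trusted_domain)
    if any(n in from_name.lower() for n in IMPERSONATED_NAMES) and not in_house:
        hits.append("impersonated-sender")
    parser = _LinkExtractor()
    parser.feed(body_html)
    # Visible text names one host while the href goes elsewhere: "looks legitimate" but is not.
    if any(HOST_LIKE.match(label) and _host(label) != _host(href) for href, label in parser.links):
        hits.append("mismatched-link")
    return hits
```

A message scoring on several indicators at once is the kind the article says to verify through a known-good number rather than through anything in the message itself.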

Individuals may wish to report phishing messages. If it arrived in your KU e-mail account, send it as an attachment to abuse@ku.edu. If the phish came via the telephone, report it to the Federal Trade Commission at 1-888-FTC-HELP. Never respond to a phishing message, not even to say, “take me off your list.” This lets the phishers know they’ve got a human on the other end of that address. Replying will only serve to increase the amount of spam you get.

If you reply to a phish, don’t panic. Your first step should be to call the organization the phishers were impersonating to report your account may be compromised. If you gave up financial information like an account number or your SSN, you may also wish to file fraud alerts on your credit reports. You can also report the fact that you got phished to the FTC at http://www.ftc.gov/idtheft

Questions about your KU Online ID and phishing should always be directed to the KU Customer Service Center at 864-8080.

For more information about staying safe online, become a fan of Be SeKUre on Facebook at www.facebook.com/BeSeKUre or sign up for a free cybersecurity workshop at http://www.infotraining.ku.edu.

Further reading:
Be SeKUre: Did you get the memo?
Be SeKUre: The Anatomy of a Phish
Be SeKUre: Please do not click here to verify your KU e-mail account
Be SeKUre: Voice + Phishing = Vishing

This article originally appeared as a Tech Tip in the October 5, 2009 edition of the Oread.
