
6 Ways to Combat Phishing


What is phishing?  It is the use of email spam (unsolicited email) to trick people into disclosing financial or identity information such as credit card information, usernames and passwords.  Most phishing attempts come via email, but they can also come over the phone (Vishing) or as a text message (SMiShing).

Why do I receive so many?  The number you see often depends on the size of the organizations you belong to.  For example, a university the size of Eastern will see way more than a smaller college just because of the number of people who can be hacked and the amount of data that can be stolen.  Likewise, someone who works for Google would see more than someone who works for a small business with 10 employees.  Size matters.

How can I combat these attempts?

  1. NEVER give away personal information--especially your username and password.  EKU will never ask for such information in a legitimate communication.
  2. HOVER your cursor over hyperlinks to check the URL (web address).  DO NOT click a link until you have verified that the URL is legitimate.  HINT: If the site address ends with weebly.com or sitey.com, it is NOT from EKU.
  3. KNOW the telltale signs that are giveaways, such as: (a) the reply address is from someone you don't know or a student account @mymail.eku.edu; (b) the message is not personalized; or (c) there are grammatical and spelling errors.
  4. IF it sounds too good to be true, it probably is. OR if there is an urgency factor, it is probably fake.
  5. VERIFY details such as addresses, phone numbers, etc. by opening a browser and doing an internet search for a company or organization yourself.  Again, don't click links in suspicious emails.
  6. NEVER open an attachment you receive in an unsolicited email.  Be wary even of attachments from people you know unless you are expecting something, because their account or PC could be infected and sending out viruses and malware.
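
The hover check in tip 2 and the reply-address sign in tip 3(a) can also be applied automatically to a saved message. The following is an added example, not code from EKU IT; the names `triage`, `LinkCollector` and `host_matches` and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE_BUILDERS = ("weebly.com", "sitey.com")  # hosts the page says are never EKU
STUDENT_DOMAIN = "mymail.eku.edu"            # reply-address warning sign (tip 3a)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_matches(host, suffix):
    # Match the domain or a subdomain of it, but not e.g. "notweebly.com".
    return host == suffix or host.endswith("." + suffix)

def triage(raw_message):
    """Return a list of warning strings for one raw email message."""
    msg, warnings = message_from_string(raw_message), []
    reply = parseaddr(msg.get("Reply-To") or msg.get("From", ""))[1].lower()
    if reply.endswith("@" + STUDENT_DOMAIN):
        warnings.append("reply address is a student account: " + reply)
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode(errors="replace"))
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if any(host_matches(host, s) for s in SITE_BUILDERS):
            warnings.append("link goes to a site-builder host: " + host)
        shown = (urlsplit(text).hostname or "").lower() if "://" in text else ""
        if shown and shown != host:
            warnings.append(f"link text shows {shown} but goes to {host}")
    return warnings
# Constructed sample message for illustration, not a real phishing email.
SAMPLE = ('Reply-To: student.name@mymail.eku.edu\nContent-Type: text/html\n\n'
          '<a href="http://example-login.weebly.com/">https://www.eku.edu/login</a>\n')
```

Calling `triage(SAMPLE)` returns three warnings: the student reply address, the site-builder host, and the mismatch between the link text and the real destination.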

Questions, concerns or advice

  1. EKU IT has set up a special email address (spam@eku.edu) that you can forward messages to when you have concerns or questions about them.  We look at each email sent to this account, and if it is legitimate, we will tell you.
  2. If you are unsure about a message, DO NOT RESPOND.  Instead, send it to EKU IT: spam@eku.edu
  3. Keep up to date on the phishing attempts we see by following us on Twitter or monitoring this page.

If it's too late...

If you responded to a suspicious email message and provided your password, you should immediately change your password in EKU Direct and scan your computer for spyware and viruses.  Depending on what information you provided, you may also need to take steps to protect your credit card and bank information.

Published on April 12, 2017