Phishing is when a hacker tricks you into handing over your personal information like credit card numbers, usernames and passwords, social security numbers, etc. Commonly they use “spoofed” emails, fraudulent websites, phone service calls, or phony text messages to full you. Phishing is a type of social engineering attack to gain information about a target.
Use common sense and being cautious can save you from most attacks. For example:
You get an email from the EKU president with just this one question in the body of the message “Are you available?”
Think: Why would they send you something so unexpectedly and with no explanation? That’s because they probably aren’t.
You see a Facebook post that a “Local” or “Well-Known Company” is giving away a $100 gift card, you just have to visit visitmeforgiftcard[dot]godaddy[dot]com to sign up
Think: Why would they use such an unusual web address instead of their official website? They wouldn’t, and the site is more than likely fake.
You get an urgent email from EKU IT that they are about to shut down your email account if you don’t login to a link they provide and give them your username and password.
Think: Why would IT need you to provide that? They are IT and have your username and contact information so if they need you specifically, why wouldn’t they just call?
You get a phone call from someone claiming to be from your credit card company, stating that there has been a suspicious charge on your account and that they need your name, address, and credit card number or they will freeze the account.
Think: How do you know it is a legitimate call from your credit card company? Phone numbers are easily spoofed too! Why do they need all that information? Shouldn’t they have it? How else can you verify it is them calling (sign into their website, find an old statement and call that number or the one on the back of the card)? If they are your credit card company, they won’t mind you waiting to call them back at their official phone number.
First, if you’re unsure about any email you can forward it to EKU IT at email@example.com. We look at every email we receive and if it is legitimate we will let you know.
However, if you become a victim:
If your personal information has been compromised, change any compromised account passwords, contact any financial institutions, etc. You may want to consider contacting a credit agency to put a suspicious activity alert on your credit profile
If you believe your university information may have been compromised, contact the IT Service Desk immediately at 1-859-622-3000