Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information or to infect your computer with malware. Phishing emails often use urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.
Learn to Spot Phishes
Quick Tip: Check Links Before Clicking
Check the full URL to see if it goes where you expect.
- On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
- On your computer, hover over the link with your mouse. The URL will usually appear in the lower left corner of your window.
Phishing Clues You Can Use
- Generic greetings. Many phishing emails begin with a general greeting, such as "Dear Company member." If you do not see your first and/or last name, be suspicious and do not click on any links or buttons.
- A fake sender's address. A spoofed email may include a forged email address in the "From" field. This field is easily altered.
- A false sense of urgency. Many phishing emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim they are updating accounts and need information fast.
- Fake links. Always check where a link is going before you click. (see Quick Tip above).
- Misspellings and bad grammar. Phishing emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
- Pop-up boxes. Legitimate companies will never use pop-ups as they are not secure.
- Attachments. Like fake links, attachments are frequently used to spoof emails and are dangerous. Never click on an attachment if you are unsure of its origin. It could cause you to download malware.
Where to Report Phish
Phish at EKU
You can report suspicious emails you receive at your university email account (EKU.EDU or myMail) to the firstname.lastname@example.org.
In the unlikely event, the email is legitimate, we will tell you.
If you receive a phish impersonating a bank, retailer, or other institution, please consider contacting them to let them know.
If You Get Caught
If you gave personal information in response to a phishing email or a suspicious webpage, your account may be compromised. Follow these instructions (students). Employees should contact the IT Service Desk immediately - 859-622-3000
If you opened a suspicious attachment, you may have been exposed to malware. Run a virus and/or malware scan immediately.