Don't Fall for Phishing
What is Phishing?
"Phishing" is when con artists try to trick you into giving out your personal information, such as by impersonating a business or offering a chance to win a prize if you register. It can happen by email, by phone, by an online ad or even by text message.
Examples of phishing messages:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
“You have won a free $500 Walmart gift card. Click here to collect your card.”
“Test the new iPad and keep it when you’re finished. Just use the iPad and tell us what you think. Call us to become part of this exclusive test.”
Don’t Get Caught
The messages may appear to be from organizations you do business with, such as your bank, or a computer company. They might threaten to close your account or take other action if you don’t respond.
Legitimate businesses don’t ask you to send sensitive information through insecure channels. The senders of these messages are phishing for your personal information (e.g., credit card and bank account numbers, Social Security numbers, passwords, etc.) so they can use it to commit fraud.
Don't reply to email, text or pop-up messages that ask for your personal or financial information. Don’t click on links inside the message or call the phone number — even if the message seems to be from an organization you trust. If there’s any question, contact the organization directly, either by calling or typing their real URL (not the one in the message) directly into your browser address window.
Additional Steps for Safety
- Use trusted security software and set it to update automatically.
- Never email personal or financial information. Unencrypted email is not a secure method of transmitting personal information.
- Only provide personal or financial information through an organization's website if you typed in the web address yourself and you see signals that the site is secure, such as a URL that begins https (the "s" stands for secure). Unfortunately, no indicator is foolproof and some phishers have forged security icons.
- Don’t provide personal information if you receive a phone call. Instead, look up the organization’s actual phone number and call them back.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.
Report Phishing Emails
If you receive suspicious email or text messages that you believe are targeting KU, forward them to firstname.lastname@example.org, and the Information Technology Security Office will investigate.
You also can forward phishing emails to email@example.com, and to the company, bank or organization impersonated in the email.
If You Think You’ve Been Tricked
If you might have been tricked by a phishing email, online advertisement or other attempt, contact the Customer Service Center immediately at (785) 864-8080 or firstname.lastname@example.org.
You also can file a report with the Federal Trade Commission at www.ftc.gov/complaint.