SECURITY ALERT: Phishing emails focus on returning to workplace
Criminals are targeting remote workers with fake emails about returning to work, according to the KU IT Security Office (ITSO). While KU doesn’t appear to have been targeted yet, it is possible that KU faculty or staff may receive these emails in the future.
The fake emails appear to come from an internal department and purport to provide information on returning to the workplace. The emails may include safety protocols and require that employees acknowledge receipt of the message by completing a form. The email may include an attachment or links to a fake web page that impersonates the organization’s internal messaging system and human resources department. The intent of the phishing email is to steal your login credentials.
To protect yourself, make it a habit to closely check the “from” address on emails you receive, especially those that ask you to take action by opening an attachment or clicking a link. Criminals trick recipients by including the name of a legitimate organization in fake email and web addresses. The email address or link may look real at first glance, but closer examination shows it is fake. For example, a fake “from” address may be represented as or
What should you do?
Microsoft Outlook provides a new way to report suspicious or spam emails. Beginning Monday, Dec. 14 in your Outlook ribbon, you will see a “Report Message” button in the desktop client or a “Junk” button when accessing email online. Clicking on the button opens a menu with options to report “Junk” (spam) or “Phishing” messages.
Outlook desktop client:
Office 365 Outlook in web browser:
We encourage you to use this self-service option in Outlook to report suspicious or spam emails, as it provides the fastest way to block harmful and annoying messages.
Note: If you click on a link or open an attachment in a suspicious email, we encourage you to contact ITSO immediately at email@example.com.
To learn more about how to spot malicious emails, visit Stay Safe Online by the National CyberSecurity Alliance. If you have questions or concerns about email protections at KU, contact the IT Security Office at firstname.lastname@example.org.