Be Aware of Suspicious Emails


You’re smart! And, we are an academic community filled with extremely smart people. But even smart people can fall for a phishing or other malicious emails. That’s because being tricked by a malicious email isn’t about intelligence, but rather about awareness and observation.

Phishing is when an email message tries to trick you into giving out confidential personal information, particularly usernames and passwords. Other common malicious emails include extortion messages, corrupt attachments, and emails with links that download viruses and other malware to your computer or device.

Welcome Back
Phishing and other malicious emails happen all year, but KU students, faculty and staff have been welcomed back this semester with a surge of malicious emails. So, be extra vigilant in scrutinizing suspicious messages to protect yourself and the KU community.

A Recent Example
Some of you received the message below, which provides a good example of how important awareness and observation is in protecting yourself. While it’s a simple message, it shows several indicators typical of phishing messages:

  • A sense of urgency
  • Warning of potential loss or consequences if action isn’t taken
  • Typos, poor grammar, awkward syntax
  • Unusual URL that isn’t associated with KU (i.e., KU websites end in “ku.edu”)

 

Screenshot of phishing message

We Aren’t Perfect
Granted, legitimate emails to campus aren’t always perfect. However, emails from legitimate organizations, including campus units, are typically reviewed by several people before they are sent to campus. This review process means errors will usually be caught and corrected.

And yes, sometimes campus units (including KU IT) will send emails with language asking you to take action, and even invoking some urgency. When you receive those messages, I encourage you to scrutinize them carefully and contact the sender or abuse@ku.edu if you have any questions about the legitimacy of the message.

Report and Delete
Whether you think a message is malicious or simply spam, you should report the message and delete it. The best way to report a message is using the “Report Message” button in Outlook. However, if you are especially concerned that a message may be dangerous, you can forward it to abuse@ku.edu.

Learn more about protecting yourself on our IT security page. Thank you for helping to keep yourself and KU systems safer! Protecting our campus is a community effort.