Skip to main content
Skip to main content

IT Division - News

Phishing Scams

Phishing

Email and Phishing scams are a way of life in the digital world we rely so heavily on today.  While WKU’s email filters catch and block a large number of these types of emails, they cannot all be blocked. The best defense is user knowledge and wariness. The simple rule is “Do not respond to, download files from, or click on links within any unsolicited email from a sender you do not know”.  If you are unsure about any email to which you are tempted to respond, contact the IT Help Desk for help verifying authenticity. Recently, there have been a number of email scams sent to WKU email users which promise money for “work from home” or “acting as a secret Walmart Shopper”, etc.  These typically want you to send money after they have sent you a fake check or counterfeit money order payment. These are scams that you should delete.

Phishing scams try to lure you into giving up your username, password, or other sensitive information by masquerading as someone you know and trust. They may ask you to click a link, open an attachment, or reply with your personal information.

The most common phishing attack we see is an attempt to steal WKU usernames and passwords. The email may claim to be from the IT Helpdesk and even include a WKU logo to appear more convincing. It may insist you “update” your account by clicking a link, which actually leads to a malicious login page.

If an attacker can convince you to enter your username and password, they can gain complete control of your account. They can then read your email, send malicious messages posing as you, and potentially access other University systems using your identity.

Is it Phishing?

  • Be suspicious of email that is “Urgent” or requires “Immediate Action”.
  • Be suspicious of attachments and only open those that you were expecting.
  • Be suspicious of email from a friend or colleague that looks odd or out of place.  If their email account has been compromised by an attacker, it could be used to send phishing email.
  • Examine from “From:” email address.  Often the “Display Name” will say something that looks familiar, but the underlying email address (with the “@” sign) is obviously foreign or nothing you recognize.
  • Examine the underlying URL on any links.  Regardless of how the link is labeled in the email, the underlying link on a Phish email will usually not be a “wku.edu” address.  

If you receive a phishing email, you should delete it.  To notify IT, you can forward the email to phish@wku.edu.

If you have any questions, please contact the IT Helpdesk.

Categories
Latest Headlines
Windows 10 Creators Update (1703) available

The Windows 10 Creators Update is now installing on campus.

TopperTech Drop Off Deadline

Drop off deadline for 2017 Fall semester

IT Orientation for New Employees

What do new faculty and staff need to know about WKU Information Technology?

Featured Articles

No Featured Articles for this category

Note: documents in Portable Document Format (PDF) require Adobe Acrobat Reader 5.0 or higher to view,
download Adobe Acrobat Reader.

Note: documents in Excel format (XLS) require Microsoft Viewer,
download excel.

Note: documents in Word format (DOC) require Microsoft Viewer,
download word.

Note: documents in Powerpoint format (PPT) require Microsoft Viewer,
download powerpoint.

Note: documents in Quicktime Movie format [MOV] require Apple Quicktime,
download quicktime.

 
 Last Modified 9/25/14