
Phishing

Phishing Information



What is Phishing?

Phishing is a common scam that attempts to lure you into giving up your username, password, or other sensitive information by masquerading as someone you know and trust.  This can be done by phone, but is typically done in email.  The email may appear to come from WKU or another company you do business with, and it often asks you to click a link, open an attachment, or reply with your account or personal information.



Tips to Spot Phishing

  • Be suspicious of email that alerts you to problems with your account, is labeled “Urgent”, or requires “Immediate Action”.
  • Be suspicious of attachments and only open those that you were expecting.
  • Be suspicious of email from a friend or colleague that looks odd or out of place.  If their email account has been compromised by an attacker, it could be used to send phishing email.
  • Examine the “From:” email address.  Often the “Display Name” will say something that looks familiar, but the underlying email address (with the “@” sign) is obviously foreign or nothing you recognize.
  • Examine the underlying URL on any links.  Regardless of how the link is labeled in the email, the underlying link in a phishing email will usually not be a “wku.edu” address.
  • If you click on a link, be sure to look at the address bar of your browser.  If the domain does not end in wku.edu, you are not on a WKU page.

If you are uncertain about the authenticity of a WKU email, please contact the IT Helpdesk.
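
The sender and link checks in the tips above can also be run automatically when triaging a reported message. The following is an added example, not code from WKU: the sample header, the sample HTML and the `.example` domains are constructed, and the function names are illustrative.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "wku.edu"  # the domain this page tells readers to look for
# Constructed sample header and body (not a real message).
SAMPLE_FROM = '"WKU IT Helpdesk" <support@mail-alerts.example>'
SAMPLE_HTML = ('<a href="https://www.wku.edu.login.example/reset">https://www.wku.edu/reset</a>'
               ' <a href="https://www.wku.edu/it/">IT home</a>')

def is_trusted_host(host):
    """True only for wku.edu itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def sender_mismatch(from_header):
    """Display name mentions WKU but the address is not at wku.edu."""
    name, addr = parseaddr(from_header)
    return "wku" in name.lower() and not is_trusted_host(addr.rpartition("@")[2])

class LinkCollector(HTMLParser):
    """Collects [href, visible label] for each <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append([href, ""])
            self._open = True

    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def untrusted_links(html_body):
    """Return (label, real host) for each http(s) link that leaves wku.edu."""
    parser = LinkCollector()
    parser.feed(html_body)
    parts = [(label.strip(), urlsplit(href)) for href, label in parser.links]
    return [(label, u.hostname) for label, u in parts
            if u.scheme in ("http", "https") and not is_trusted_host(u.hostname)]

if __name__ == "__main__":
    print(sender_mismatch(SAMPLE_FROM), untrusted_links(SAMPLE_HTML))
```

The host comparison is anchored on a dot, so a name that merely contains or ends with the letters "wku.edu" (such as `www.wku.edu.login.example` or `notwku.edu`) is still reported as untrusted.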



Reporting Phishing

  • If you receive a phish that targets WKU (asks for your NetID, references your WKU accounts, impersonates WKU), please forward the entire message to phish@wku.edu.
  • If you receive a phish that targets a company, please consider reporting it to them.
  • Consider reporting the phish to the Anti-Phishing Working Group, an organization dedicated to fighting phishing and cybercrime.

Once you report the message, it is important that you delete it immediately.



Information for Victims

If you responded to a phishing message, take the following steps to protect yourself and others:

If you are a WKU employee:

  1. Contact IT Support
    WKU employees are required to report their responses to phishing messages to IT Security.  Contact IT here.  It is essential that you tell us whether or not you released any WKU institutional data or personal information about WKU faculty, staff, students, or alumni.

  2. Change your NetID password
    If you responded with your NetID username and password, please immediately change your NetID password.

  3. Report the phishing message
    Please see the information regarding reporting.

If you are a WKU student:

  1. Change the appropriate passwords
    If you responded to a phish with your TopperMail username and password, please follow these steps.  If you responded with your NetID username and password, please immediately change your NetID password. If you are unsure about any part of this process, please contact the IT Helpdesk.

  2. Report the phishing message
    Please see the information regarding reporting.

If you believe you are the victim of identity theft:

  • Contact your local authorities to file a police report.
  • Refer to the FTC website on repairing identity theft.
  • Obtain your credit reports from Equifax, TransUnion, and Experian and place a "Fraud Alert" on them.  Consider a "Security Freeze" on your credit, which is stronger than a fraud alert but prevents third-party access to your credit report.  Consult one of the three credit agencies for more details.
  • Consider a credit monitoring service.
  • Close any accounts, particularly financial accounts, that might be affected.



Phishing Examples

To see some general examples of phishing attempts, click here.

NEW!  The IT Phish Bowl now provides some of the latest phishing examples at http://www.wku.edu/it/phishbowl/.  Also, follow @WKUIT on Twitter for real-time updates on system status and the latest phishing alerts.



Questions?

If you have any questions, please contact the IT Helpdesk.


 Last Modified 8/11/16