What is Email Phishing and how to avoid it
What is Phishing?
- Phishing is when criminals try to trick you into giving out confidential personal information (e.g., credit card and bank account numbers, Social Security number, passwords, etc.) by impersonating a legitimate organization, offering a chance to win a prize if you register, etc. Phishing attacks happen by email, phone, online ad and text message.
- Phishing messages may appear to be from organizations you do business with (e.g., banks, software companies, healthcare, etc.) or work for. They might threaten to close your account or take other action if you don’t respond. The senders of these messages are criminals phishing for your valuable personal information to commit fraud.
- Legitimate organizations, including KU, will never ask you to provide sensitive personal information (password, Social Security Number, etc.) in an email or in an unsolicited phone call.
Phishing Examples
- We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
- “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
- “You have won a free $500 Walmart gift card. Click here to collect your card.”
- “Test the new iPad and keep it when you’re finished. Just use the iPad and tell us what you think. Call us to become part of this exclusive test.”
What to do if you get an email like this?
- Please email abuse@ku.edu to send over to KU IT Security.