LEXINGTON, Ky. (Feb. 10, 2014) — The number of "phishing" emails targeting University of Kentucky employees and students is on the rise.
Phishing is the malicious act of sending emails with the intent of gaining the user’s private information for the purposes of identity theft and fraud. These emails can also be used as stepping stones to launch further cyber-attacks against individuals and the university.
Members of the university community are reminded to never give their LinkBlue or other account passwords to anyone. Phishing e-mails can often be detected and separated from legitimate email by looking for a few clues. Be suspicious of supposedly "official" emails that include any of the following:
- a “sent from” email address that does not end in “uky.edu”;
- a notice that the email is “Urgent”;
- references to organizational units that do not exist within UK;
- inconsistencies (i.e., “University of Kentucky Technical Assistance Team” and then “University of Kentucky webmail Customer service”);
- hyperlinks to Internet addresses that do not end in “uky.edu”; or
- a request that you provide an account username and password.
“The number of phishing emails that the UK community receives will always increase with the start of a semester; unfortunately, the sophistication, quality, and quantity of these bogus emails is increasing as well,” said Vince Kellen, senior vice provost for analytics and technologies. “All of us need to be vigilant.”
Members of the UK community who suspect or witness a computer or network security incident or a related crime, either on campus or involving UK's digital assets, are advised to contact the UKAT Security Services team at email@example.com or call the UKAT Service Center at 859-218-HELP (4357).
More information about identifying phishing email is available at http://www.uky.edu/ukit/security/abuse.