Next Steps for Phishing Attack Victims

LEXINGTON, Ky. (June 20, 2017) — Cyber security awareness and defense is a critical component of protecting your devices and personal information against phishing attacks. Over the past few months, University of Kentucky Information Technology Services (ITS) has distributed multiple notifications to students, faculty and staff regarding phishing attempts, spam, malware, ransomware, and compromised emails and passwords. ITS has also produced several posters/flyers that can be printed and posted in centralized work areas to raise awareness about cyber security. These items can be downloaded here.

What should you do if you fall victim to a phishing attack?

If you inadvertently provided your linkblue credentials after clicking a malicious link, follow these steps immediately:

1. Visit here to reset your linkblue password and password reset questions, and immediately set up an alternate email address and text option to secure your account.
2. Change your passwords for accounts that utilize the same or similar credentials, such as passwords (e.g., Netflix, IRS/Tax accounts, personal email, etc.).
3. Forward the phishing email as an attachment to spam@uky.edu.  
4. Visit here to file a police report with the UK Police Department.
5. Run a virus scan on your machine or ask your technical support to run one.
6. If you provided your social security number (SSN) or bank account information, follow the “steps to take if you become a victim,” instructions from the IRS Guide to Identity Theft.  
7. Consider filing a complaint with the FBI Internet Crime Complaint Center.
8. Review the Defense Playbook Against Phishing Emails.
9. Use two-factor authentication for non-UK accounts, when available.
10. Call the IT Service Desk at 859-218-HELP (4357) if you need additional assistance changing your password.   

What is a spam email?  Spam email is a form of commercial advertising.  

What is a phishing attack? Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing emails may contain links to websites that are infected with malware.

What is malware? Malware is software that is intended to damage or disable computers and computer systems.

What is ransomware? Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

For questions and to provide feedback, contact security@uky.edu.