Oldest Trick in the Scam Book

LEXINGTON, Ky. (Oct. 29, 2018) Phishing, known to hackers as the “oldest trick in the book,” is defined as the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by posing as a trustworthy entity in an electronic communication. The information is then often used for malicious reasons. You may think that it’ll never happen to you because you never click on unknown links or give out personal information, but it can easily happen to anyone.

Earlier this year, Federal Student Aid issued a warning on one such occurrence, referencing an email being sent to students at several institutions of higher education. The email was regarding their university billing statement. The students were instructed to review and confirm their updated bill for 2018. The email further stated that information on how to pay in full or set up a payment plan option could be found on their school’s portal and provided a link. Once students clicked through to the fake portal and entered their university credentials, their login information was captured. Hackers then exploited the opportunity to use those credentials on the official university portal and redirect student financial aid payments to a different bank account. Universities using two-factor authentication were not as vulnerable to this type of phishing attack because the student would have been alerted when someone else accessed their information.

This incident should be a lesson to all: always be on guard and on the lookout! There are many ways you can defend against phishing; here are a few tips:

  • Guard against spam; install a malware blocker.
  • Communicate personal information via secure phone or secure web sites.
  • Do not click on links, download files or open email attachments from unknown senders.
  • Always check the URL of any link you receive in an email, even if the email appears to be from a reliable site or acquaintance.
  • Do not email personal or financial information.
  • Do not enter personal information in a pop-up screen.

Even though the university has invested heavily in technology, including advanced machine learning, to support students, faculty and staff, no technology is able to stop all attacks. It is important that everyone work together to protect themselves and the university.

What do you do when you suspect you have received a phishing email? Do not click on the links. Instead, send the email as an attachment to isthisemailsafe@uky.edu; the Information Technology Services team will review the email and take appropriate action.

Messages sent to isthisemailsafe@uky.edu are viewed by the Cybersecurity and the Directories, Messaging, and Collaboration teams, which review them for malware, malicious links, etc. Not only will this better protect you, but your actions will assist in alerting those teams to threats as they develop, thus enabling better protection of the university.

Want to learn more? Email the Information Technology Services Cybersecurity Team at cybersecurity@uky.edu, visit us on campus, or visit http://go.uky.edu/2ZO to view Cybersecurity Awareness Month tabling locations. 

If you have questions or need assistance, please contact ITS Customer Services at 859-218-HELP (4357) or 218help@uky.edu.