Don’t get hooked: how to prevent ‘phishing’

Don’t get hooked: how to prevent ‘phishing’

Don’t Get Hooked – How to Prevent “Phishing” from KentWired.com on Vimeo

Over this past weekend, some Kent State students received an email saying they violated KSU policies with their email usage and had to verify their identity to save their account. This email did not come from the university, rather someone posing as a university official – a phisher.

Freshman Abigail Bigelow was one of many who nearly became a victim of the phishing attack. “I saw the email and I thought it was legitimate,” Bigelow said, “so I clicked on the link, and they asked me for my Kent State email address and password.”

According to the Kent State Secure IT website, phishing is defined as a scam that appears to originate from a trustworthy source that tricks a user into providing private information such as logins and passwords. The attackers can then use that information to access accounts, make purchases and even apply for credit cards in their name.

Bigelow, like many, nearly fell for the fraud. “I just noticed spelling errors and spaces and things of that nature, so then I looked into it more and it made me realize it’s a scam.”

Spelling and spacing errors are trademarks of phishing emails, along with generic greetings and signatures and non-verifiable websites. The Kent State Secure IT Team says the university will never ask for a password through email and to be weary of anything that asks otherwise.

“This email to me is a scary thing because I thought it was actually from Kent,” Bigelow said, “and just looking back now I’m thankful I didn’t click it, because imagine what they could’ve done if they had my information.”

Here are some tips Secure IT says can help prevent you from becoming a victim of phishing:

  • Read the email carefully for slight misspellings, such as replacing a lowercase “L” with the number 1.

  • Don’t click on the links in phishing emails, and don’t open attachments – they could potentially contain viruses.

  • Never respond to a request for sensitive information over email, even if it seems legitimate.

If you are the victim of a phishing email, Secure IT encourages you to change your passwords and report the email to [email protected].