Phishing Scams
If you have any doubts about the legitimacy of an email, report it to University Information Technology Services (UITS)! Forward it to abuse@kennesaw.edu, or click the "Phish Alert Report" button in Outlook.
Learn more about reporting
Exploiting Trusted Sources Example 1
From:
Relay Tracking System <elias@mxlx.com>
To:
scrappy@kennesaw.edu
Subject:
[EXTERNAL] Delayed Message Delivery: Server Issue ID#SHEUT
Message:
Hello Scrappy,
We have restricted 2 incoming DOMAIN messages due to a server error.
Consult and choose what to do with them.
Click to Recover messages
Kennesaw Help Center
Stop. Spot. Report.
How many flags did you spot? See the 4 flags in this email.
- The message is marked as EXTERNAL. When you hover over the email address, you will see the account it was sent from is not an official KSU account.
- Unusual Request: Scammers will send confusing requests that sound legitimate and important to trick you into clicking the link.
- Short and Sweet: Messages are often kept brief to get you to act impulsively and click the link to find out more. In the case of this email, Scrappy was left with far more questions than answers as to why he would be receiving such a message.
- Incomplete and incorrect signature.
What should you do if you received a similar email?
- Stop: Do not respond to the email. If you are in doubt, reach out through an official channel and ask the person claiming to have a quick request if they indeed contacted you.
- Spot: Take note of the discrepancies.
- Report: Use the Phish Alert button to report the email to UITS. (If it is legitimate, you will be notified that you can safely proceed with any requests.) Watch for the inconsistencies.
Exploiting Trusted Sources Example 2
From:
Kathy 'Kat' Schwaig <ghenrich@wpschools.net>
To:
scrappy@kennesaw.edu
Subject:
Kathy 'Kat' Schwaig shared a document
Message:
Kathy 'Kat' Schwaig
(President@kennesaw.edu) added you as a viewer. VERIFY your email to securely view this document. You will need to verify your email every 7 days.
**********************************
NOTICE: This email message, including any attachments, is for the sole use by the intended recipient(s) regarding the business of West Point Public Schools and may contain confidential and priviledged information protected by federal and state law. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destory all copies of the original message.
***********************************************
Stop. Spot. Report.
How many flags did you spot? See the 4 flags in this email.
- Spoofed domain name: The sender appears to be Dr. Kathy Schwaig; however, when you hover over the email address, you see that the actual sender is a "ghenrich" from a different school.
- There is no context provided as to why you were added as a viewer to this document. The scammer is hoping your curiosity is piqued and that you will click on the link to find out what Dr. Schwaig has shared with you.
- You are prompted to click on a link to verify your email. Documents shared by people at KSU would be shared from a Microsoft account and would not require you to verify your email address.
- Regarding the NOTICE, it mentions "West Point Public Schools," not KSU.
What should you do if you received a similar email?
- Stop: Do not respond to the email. If you are in doubt, reach out through an official channel and ask the person claiming to have a quick request if they indeed contacted you.
- Spot: Take note of the discrepancies.
- Report: Use the Phish Alert button to report the email to UITS. (If it is legitimate, you will be notified that you can safely proceed with any requests.)
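The sender-related flags from both examples can also be checked automatically. The script below is an added illustration, not a UITS tool: it parses the two sample emails (re-typed here with abridged bodies) and reports the EXTERNAL tag, an outside sender address, a protected display name used by an outside sender, and an internal address cited in the body. The flag names and the PROTECTED_NAMES list are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "kennesaw.edu"      # the university's mail domain, as on the page
PROTECTED_NAMES = {"schwaig"}    # assumption: surnames that warrant an impersonation check

# Constructed from the two sample emails shown on this page (bodies abridged).
SAMPLE_1 = """\
From: Relay Tracking System <elias@mxlx.com>
To: scrappy@kennesaw.edu
Subject: [EXTERNAL] Delayed Message Delivery: Server Issue ID#SHEUT

Hello Scrappy,
We have restricted 2 incoming DOMAIN messages due to a server error.
Kennesaw Help Center
"""
SAMPLE_2 = """\
From: Kathy 'Kat' Schwaig <ghenrich@wpschools.net>
To: scrappy@kennesaw.edu
Subject: Kathy 'Kat' Schwaig shared a document

(President@kennesaw.edu) added you as a viewer. VERIFY your email to
securely view this document.
"""

def sender_flags(raw):
    """Return the sender-related red flags found in one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if msg["Subject"].lstrip().startswith("[EXTERNAL]"):
        flags.append("external-tag")
    if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        return flags                  # remaining checks apply to outside senders only
    flags.append("sender-outside-org")
    # Display name uses a protected name, but the real address is outside the org.
    words = set(re.findall(r"[a-z]+", display.lower()))
    if words & PROTECTED_NAMES:
        flags.append("display-name-impersonation")
    # Body cites an internal address as the actor although the sender is external.
    if re.search(r"[\w.+-]+@" + re.escape(ORG_DOMAIN) + r"\b", msg.get_payload(), re.I):
        flags.append("claims-internal-address")
    return flags

if __name__ == "__main__":
    for name, raw in (("Example 1", SAMPLE_1), ("Example 2", SAMPLE_2)):
        print(name, sender_flags(raw))
```

A message that raises none of these flags is not thereby safe; the checks cover only the sender clues, not the unusual request, the brevity, or the mismatched signature and notice.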