Take Action Scams - University Information Technology Services

Phishing Scams

If you have any doubts about the legitimacy of an email, report it to University Information Technology Services (UITS)! Forward it to abuse@kennesaw.edu, or click the "Phish Alert Report" button in Outlook.

Learn more about reporting

Exploiting Urgency Example 1

From:

NetID@students.kennesaw.edu

To:

scrappy@kennesaw.edu

Subject:

IT DESK

Message:

This is a special notice that your Office 365 Edu email and password will expire in 24 hours Our Record indicate that you recently need to Authenticate your Office 365 Login And this process has
OFFICE365 Begun by our Administrator. you are advised to Fill out your correct information

If you do not verify your mailbox, we will be forced to block your account

Stop. Spot. Report.

How many flags did you spot? See the 4 flags in this email.
1. The email is from a student account, but the subject line and content pretend that the email is from the IT Desk. KSU's technology help is called "KSU Service Desk" and the email address would appear as "IT Service Desk."
2. Grammar and spelling mistakes: Many cybercriminals don't pay attention to proper spelling and capitalization.
3. Threatening message: You are led to believe that you will be denied access to your account if you don't fulfill their request.
4. A request to share sensitive information. If you were to click on the link (which, of course you won't), you would be prompted to share sensitive information that hackers could use to steal from you or to impersonate you.
What should you do if you received a similar email?
1. Stop: Stay calm. People fall victim to these kinds of scams because they fear that they will loose access to their account. Do not respond to the email. If you are in doubt, reach out through an official channel and ask the person claiming to have a quick request if they indeed contacted you.
2. Spot: Take note of the signs described above.
3. Report: Use the Phish Alert button to report the email to UITS. (If it is legitimate, you will be notified that you can safely proceed with any requests.)

Exploiting Urgency Example 2

From:

Kennesaw.edu Help-Desk noreply@<NAME.COM

To:

scrappy@kennesaw.edu

Subject:

[EXTERNAL] NetID Request received: Service Ticket ID:9104

Message:

Hi Scrappy,

Your password for scrappy@kennesaw.edu is set to expire on 8 of July 2024 EST.
Keep same password with the button below.

Keep My Password [Click BUTTON]

*Do not ignore this email to avoid login interruption.*

Thanks,
The kennesaw.edu Team

Stop. Spot. Report.

How many flags did you spot? See the 4 flags in this email.
1. External sender warning in the subject line.
2. The subject line includes a ticket number, but Scrappy didn't put in a service request.
3. You are urged to act now in order to avoid login interruptions.
4. The signature is strange and incorrect. The KSU Service Desk has a nice signature with contact information.
What should you do if you received a similar email?
1. Stop: Do not click the link or respond to the email.
2. Spot: Take note of the discrepancies.
3. Report: Use the Phish Alert button to report the email to UITS. (If it is legitimate, you will be notified that you can safely proceed with any requests.)