Cybersecurity Awareness Month 2024
Watch Out for Phishing!
October is Cybersecurity Awareness Month
This year's initiative for Cybersecurity Awareness Month is "." The third week of Cybersecurity Awareness month focuses on recognizing and reporting phishing emails. Cybercriminals like to go phishing, but you don't have to take the bait!
Knowing how to recognize and report a phishing email is an important way to keep yourself and others safe online. This month's tips will focus on the red flags present in many types of phishing emails, as well as different methods of reporting these messages.
What is Phishing?
Phishing is a type of online scam where criminals send out fraudulent email messages that appear to come from a legitimate source. The email is designed to trick you into providing the scammer with confidential information. The email can include a link or attachment which once clicked, will steal sensitive information or infect a computer with malware. Phishing is a form of social engineering.
Many phishing messages alert you with a sense of urgency, such as an email claiming to come from a trusted source with a link for you to click. For example, this link can lead to a fraudulent website that asks you to enter sensitive information. Any information you input through it will be sent to the attacker. Depending on how much information you provided, the attacker can make purchases in your name or commit identity fraud.
Red Flags & Common Scams
There are several common red flags that you can look for when you receive a suspicious email. Ask yourself the following questions:
- Does the sender's email address look unfamiliar, or not make sense given the context of the message?
- Are you being offered something (a job, money, a gift) that seems too good to be true?
- Does it include urgent, alarming, or threatening language?
- Is the greeting ambiguous or generic? For example, does the email begin with "Dear customer" instead of your name?
- Does it ask you to send personal information (phone number, banking information, social security number)?
- Are you repeatedly directed to click a link or open an attachment?
- Is the message unexpected or out of the ordinary?
- Was the message sent at an unusual time of day, such as outside of work hours or overnight? For example, would your supervisor send you an email asking you to complete a task at 2 in the morning?
You can read more in-depth about red flags here!
To learn more about common phishing scams, visit our page here. Just select a scam to read more about it!
I Think I Found a Phish! Now What?
If you suspect that you have received a phishing email:
- Do not click any links within the suspicious message. Clicking a link can install malware onto your system, send information about you to the scammer, or redirect you to a fraudulent website. For more on the dangers of malicious links, visit our page here.
- Do not open any attachments. Doing so can run dangerous code and harm your system. Be especially cautious when you see files with .HTML or .EXE extensions, though many other file types can be used to deliver malware.
- Do not respond to the message, especially if you are asked to send any personal, financial, or otherwise sensitive information. Scammers often use threats or a sense of urgency to get you to respond; slow down and think twice!
Whenever you receive a suspicious message, you can keep yourself and others safe by reporting it.
Reporting a Phish
Does an email in your inbox have some of the red flags listed above? If so, it is best to report the email. ºÚÁÏÍø has a dedicated team that will analyze any emails that are reported as phish. If the email is a phish, the Phish Team will let you know how that particular scam works, what the scammer was after, and any additional actions you can take to keep yourself safe. Our team will also remove all copies of the phishing message from Kent State's mail system.
If you did reply to or interact with the content of an email, and our team reports back that it is a phish, we can provide you with some additional steps for securing your accounts and devices.
To report an email to us, just forward it to phish@kent.edu. You can also use these instructions to .
You can learn how to report messages to Microsoft, Google, or your cellular service provider here!
By reporting an email to one or all of these entities, you are helping ensure that the phishing attempt is stopped or mitigated before it can reach other people. This helps protect you, your colleagues, and everyone else online from phishing attempts!
More Resources
The National Cybersecurity Alliance has also created Kubikle, a series of short videos discussing various topics around keeping your accounts and data secure! You can watch the videos on YouTube .
The Cybersecurity and Infrastructure Security Agency has also created educational videos about and .
For even more advice on how to spot phishing emails, you can watch IT Governance's video on the topic .