
Fight the Phish

Are phishing emails lurking in your inbox?

You can Fight the Phish by being picky with your clicking... staying vigilant and wary of suspicious emails, texts and even chat boxes. Do your part. #BeCyberSmart.

Phishing emails give themselves away through a variety of red flags. We compiled a list of them on this page to help you Fight the Phish!

You can find even more information on how to protect yourself from phishing scams here!

Phishing attacks happen every day. Report any suspicious emails you see in your inbox to phish@kent.edu by forwarding the email as an attachment. You can find more information about reporting phish emails here.

Red flags of phishing emails.


Being able to identify the red flags in a phishing email will help you avoid being phished. You are the first line of defense for protecting yourself and the university community!

We know this is a lot of information to keep in mind while you navigate your inbox. Remember, if you suspect an email you received is a phishing email, please report it to phish@kent.edu. You can find some additional phishing tips here!

Red Flag - From

FROM:

  1. The sender of the message is unfamiliar to you, or the message is unexpected or just oddly timed.
  2. The sender's email address or the message itself contains odd spelling or grammatical errors.
  3. You don't recognize the sender's email address as someone you ordinarily communicate with.
  4. Does the sender's email address appear suspicious (for example: .ksu.edu@gmail.com)?
  5. If you do not usually communicate with the sender, it might be worthwhile to pick up the phone or drop by in person to verify that the email is legitimate.
  6. Was the email sent from someone inside the organization, or from a customer, vendor, or partner, and is it very unusual or out of character?
  7. Did you receive an unexpected or unusual email with an embedded hyperlink or an attachment from someone you don't know?

Red Flag - To

TO:

  1. You were cc'd on an email sent to one or more people, but YOU don't personally know the other people it was sent to.
  2. You were sent an email that was also sent to an unusual mix of people, such as people from different organizations whose last names all start with the same letter, or a whole list of unrelated addresses.
  3. Are people included on the email who are outside your organization?

Red Flag - Date

DATE:

  1. Did you receive an email that you would normally get during regular business hours, but it was sent at an unusual time like 3 AM?

Red Flag - Subject

SUBJECT:

  1. Did you receive an email with a subject line that is irrelevant or does not match the message content?
  2. Is the email message a reply to something that you never sent, purchased or requested?
  3. Does the subject line contain "RE:" but you do not remember sending or recognize ever receiving the original message?
  4. Does the subject line imply an urgent action? Examples:
    1. Urgent request
    2. Are you available?
    3. Final notice
    4. I need your urgent help!!!

Red Flag - Attachments

ATTACHMENTS:

  1. The message has an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .TXT file. Examples of dangerous types:
    1. Double extensions like .TXT.EXE
    2. Most dangerous file extension: .EXE
    3. Others to watch for: .BAT, .HTML, .REG, .VBS, .ZIP, .MSI
  2. Does the file attachment type make sense for what the message indicates? Example: a voicemail should be an .mp3 or .wav file, but an .HTML file is attached instead.
  3. If you were not expecting an email with an attachment, or it is not the normal protocol for that sender, verify it directly with the sender before opening.
  4. Does the attachment prompt you to log in and provide credentials?

Red Flag - Content

CONTENT:

  1. The message urges actions like clicking links, opening attachments or replying with information.
  2. The message appears to be time sensitive or threatens consequences for not responding fast. Example: a "You have to UPDATE or VERIFY your account or lose it" situation.
  3. The message contains links with shortened or mismatched URLs or attachments with odd file extensions.
  4. The message has a generic greeting that seems a bit odd. For example: "dear sir/madam", "dear valued customer", "dear user", "dear member", "dear account holder".
  5. The message contains poor spelling and/or grammar, making the message difficult to read.
  6. Does the email sound too good to be true? If it sounds that way, it probably is. Example: a part-time job scam offering to pay an exorbitant amount of money for doing a simple task.
  7. You receive an email that urgently asks for your help. Examples: the sender is stuck in another county, needs gift cards bought and will pay you back, or asks you to wire them money.

Red Flag - Hyperlinks

HYPERLINKS:

  1. If you receive an unfamiliar email that feels strange, DO NOT click any links, respond to it, or try to "unsubscribe." Contact the person through familiar channels.
  2. You hover your mouse over a hyperlink that's displayed in the email message, but the link-to address is for a different website. (THIS IS A HUGE RED FLAG)
  3. You received an email that only has long hyperlinks with no further information, and the rest of the email is completely blank.
  4. You received an email with a hyperlink that is a misspelling of a known website, for example one where the "m" is really two characters, "r" and "n".
  5. Odd messages that indicate a shared file on Google Drive or OneDrive/SharePoint that you're not expecting and that prompt you to log in. Example: evaluation.docx
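
The attachment and hyperlink red flags above can be checked mechanically when triaging a reported message. The following Python is an added example, not part of the original page; the function names, the `example.edu` and `example.net` hosts and the sample message are constructed for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY = {"exe", "bat", "html", "reg", "vbs", "zip", "msi"}  # extensions the page lists

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):  # urlsplit needs "//" before the host, so add it for bare "www." text
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def link_mismatches(html):
    """(shown, target) pairs where the visible text is a URL on a different host."""
    parser = Links()
    parser.feed(html)
    return [(text, href) for href, text in parser.found
            if re.match(r"(https?://|www\.)\S+$", text, re.I) and host(text) != host(href)]

def attachment_flags(name):
    exts = name.lower().split(".")[1:]
    flags = ["risky type"] if exts and exts[-1] in RISKY else []
    return flags + (["double extension"] if flags and len(exts) > 1 else [])

def red_flags(msg):
    flags = []
    for part in msg.walk():
        if name := part.get_filename():
            flags += [f"{f}: {name}" for f in attachment_flags(name)]
        elif part.get_content_type() == "text/html":
            flags += [f"link shows {t} but opens {h}" for t, h in link_mismatches(part.get_content())]
    return flags

SAMPLE = EmailMessage()  # constructed message for illustration, not a real phish
SAMPLE.set_content("New voicemail attached.")
SAMPLE.add_alternative('<a href="http://login.example.net/x">https://www.example.edu/account</a>', subtype="html")
SAMPLE.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="voicemail.txt.exe")
```

Hosts are compared exactly, so mail gateways that rewrite links will also show up as mismatches and need separate handling.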