Be on the lookout for increased phishing email scams this holiday season.
Phishing is an attempt by cybercriminals, posing as a legitimate business, to trick you into sharing personal information, such as passwords, credit card numbers, Social Security numbers, or bank account numbers, via a fraudulent email or website.
Sophisticated attackers will even attempt to get you to disclose passcodes from your Duo app to bypass the protections that two-factor authentication provides. K-State will never ask for your Duo backup passcode immediately following login. If you are ever asked to give that in combination with your password – you are being scammed. Immediately report the email to abuse@ksu.edu.
For additional information on how Duo passcodes work, view the Duo Passcode knowledge base article.
In addition to the regular phishing scam attempts this month, cybercriminals also are sending phishing emails about online purchases, urging people to “click this link to confirm your order” or “click this link to confirm your mailing address.” DO NOT click those links. If you are concerned about an online order, sign in to your online account to check your order status. Remember, legitimate businesses will never ask for your account, personal, or financial information by email.
Phishing Scam Tips
- Don’t reply to suspicious, unexpected, or strange emails.
- Be wary of emails with urgent requests for your personal or financial information or sign-in credentials.
- Watch out for emails that warn you of quarantined messages, stating you have a short period to recover them.
- Don’t open unexpected or unusual attachments or strange-looking emails from people you don’t know.
- Don’t click links in random emails, emails you suspect are fraudulent, or if you don’t know the sender.
- Don’t click Sign In links. Visit the business website directly, sign in, or contact customer service for help.
- Avoid filling out forms in email messages that ask for financial information. Only share credit card information via a secure website or telephone.
Receive a suspicious email? Forward it to abuse@k-state.edu. Visit the phishing scams webpage to learn more.
