Phishing scams are used by cybercriminals to trick you into sharing personal information, such as passwords, credit cards, social security and bank account numbers, by sending you fraudulent emails or directing you to a fake website. K-State and legitimate businesses will never ask for your account, personal or financial information by email. Learn what a phishing scam looks like.
Sophisticated attackers will even attempt to get you to disclose passcodes from your Duo app to bypass the protections that two-factor authentication provides. K-State will never ask you to provide a Duo passcode immediately after completing the standard login confirmation. If you are ever asked to give that in combination with your password – you are being scammed.
Phishing Scam Tips
- Don’t reply to suspicious, unexpected, or strange emails.
- Be wary of emails with urgent requests for your personal or financial information or sign-in credentials.
- Watch out for emails that warn you of quarantined messages, stating you have a short period to recover them.
- Don’t open unexpected or unusual attachments or strange-looking emails from people you don’t know.
- Don’t click links in random emails, emails you suspect are fraudulent, or if you don’t know the sender.
- Don’t click sign in links. Visit the business website directly, sign in, or contact customer service for help.
- Avoid filling out forms in email messages that ask for financial information. Only share credit card information via a secure website or telephone.
Think before you click. More than 90% of successful cyberattacks start with a phishing email. If you receive a suspected phishing email, immediately report the email to abuse@k-state.edu.