Phishing @ UNK

Phishing is a social engineering technique whereby hackers send authentic-looking emails to a user in order to persuade the user to share valuable information, generally for use in identity theft or other fraud. Many phishing emails appear to be from financial institutions, online retailers, shipping companies or government agencies. They will typically say there is an urgent problem with your account, and require an immediate response by clicking on an included link. Report new phishing emails to the UNK Security Team.

Legitimate companies should never ask you to provide confidential information via email.

If you are not 100% sure an email is legitimate, do not click on any links in the email. Instead:

  • Avoid clicking links people send you instead of using a search engine to find the proper link.
  • Do not call phone numbers listed in emails, use a search engine or phone book to verify them.
  • Use a phone number or email address on the company’s legitimate site to contact them.
  • If you do not have an account with the company, do not reply to the message to tell them they are wrong.
  • Never open an email attachment unless you are sure about who sent it, why they sent it and what the attachment is.
  • Never give sensitive personal information (including passwords) in an email.

Spotting phishing emails:

  • The email is about an urgent problem that requires an immediate response.
  • Anything that sounds too good to be true probably is.
  • The email contains a link to a site that requires you to enter sensitive information.
  • The email contains poor spelling and grammar
  • The link and/or the email address are similar to, but don’t match the legitimate company address (i.e. fedex.com vs. febex.com).
  • The “From:” and “Reply To:” headers do not match. Do not assume the name in the “From:” line is the real person that sent the message.

Phishing Awareness Assessment

The UNK Security Team will be taking a new approach to improving security awareness. This new approach will involve periodically sending “phishing” email to Faculty and Staff. If individuals respond to the messages they will receive additional awareness information. The UNK Security Team will not share responses from individual employees with anyone else. Nothing will be shared except aggregated statistics about response rates. The intent is to increase awareness and improve future security awareness efforts.

Please contact the UNK Security Team if you have any questions or concerns. Thank you!