Phishing Scams

Phishing is a way cybercriminals try to trick you into sharing personal information, such as passwords or credit card, social security, and bank account numbers, by sending you fraudulent emails or directing you to a fake website.

Phishing emails are designed for trickery and appear to be from legitimate organizations like K-State, PayPal, FedEx, your bank, or a government agency. The emails request updates, or confirmation of account information, often suggesting there is a problem. You're then redirected to a fraudulent site and tricked into entering account information, which can result in compromising your account(s) or even identity theft. Don't take the bait!

K-State and legitimate businesses will NEVER ask for your account, personal, or financial information by email.

Report Phishing Email

Send the suspected phishing email and original headers to:

Learn how to forward with headers

Signs It's a Scam

Learn to recognize a phishing scam and help protect yourself from identity theft.

Example of a phishing scam.

  1. Urgent or threatening tone.
  2. Email address doesn't match sender's name.
  3. Unexpected attachments.
  4. Generic greeting.
  5. Typos, misspellings, and improper grammar.
  6. Fake web addresses made to look legitimate.
  7. Link text and destination differ when hovered over.

If You Think You've Fallen for a Phishing Scam

  • Change your password immediately.
  • Turn off your computer and alert your system administrator, who will check to determine if any malware has been put on your machine and remove it. If you don't have a system administrator, contact the IT Service Desk: Submit a Ticket, or Start a Live Chat.
  • Check whether your email forwarding has been changed.
  • From your eProfile page, check your alternate email address to ensure it hasn't been changed.
  • Check your eID password-reset options to verify they haven't been changed.
  • If you use similar passwords on other accounts (bank account, healthcare, retirement, etc.) change those passwords as well.
  • For the next year, review your bank and credit card statements to check for suspicious activity. Change passwords on all relevant accounts.

    NOTE: Cybercriminals will sometimes hold personal identity information and use it much later.

  • Check your Sent and Drafts email folders to see if your account has been used to send additional scams to other people. Delete any emails in Drafts to keep them from being sent, and notify recipients of any Sent emails that your previous email was a scam. Use some method other than email to notify those people.

Preventative Strategies

  • Don't reply to suspicious, unexpected, or strange email.
  • Be wary of email with urgent requests for your personal or financial information, or your sign-in credentials.
  • Don't open unexpected or unusual attachments, attachments from strangers, or strange-looking emails.
  • Don't click links in unexpected emails, emails you suspect are fraudulent, or if you don't know the sender.
  • Don't click Sign In links. Go to the business website and sign in there, or contact their customer service for help.
  • Avoid filling out forms in email messages that ask for financial information. Only share credit card information via secure website or telephone.