It’s always Phishing Season.

Phishing is a technique for attempting to acquire sensitive data, such as account credentials, through a fraudulent solicitation in email or on a website, in which the email sender masquerades as a legitimate business or reputable person.

The information below will help you identity key factors and components that make up a phishing message, and help you decide your next action steps to protect yourself.

What are common traits to look for in phishing emails?
  • Sender email address is unexpected, or the style of communications is abnormal – for example, your manager sending an unexpected email asking you to buy gift cards
  • Generic greetings
  • Poor grammar and misspellings
  • The use of urgent and capitalized words
  • Any request for reply from a non-university email account or a personal phone number
  • Any requests to purchase gift cards
  • Any job offers that require you to cash a check sent to you, then send the money back via electronic transfer or gift cards
What steps should I ALWAYS take?
  • Report the email to Wichita State University using the Phish Alert Report button in Outlook. The university uses the reported emails to detect patterns, spread awareness, and block future phishing campaigns. More information about the Phish Alert Report button can be found at https://www.wichita.edu/phish
  • If you did not request a Duo MFA push approval and you are suddenly receiving them, hit deny and contact askinfosec@wichita.edu or contact us at 978-4SEC
What steps should I NEVER take?
  • Respond to the email or interact with it
  • Give out personal information, such as your social security number, bank account number, home address, etc., to anybody you don’t know or trust
  • Click any links or open any attachments, as it most likely contains malware
What DO I do if I revealed personal information as the result of a phishing email?
  • Immediately change your password for any and all accounts. New, unique passwords should be used for separate accounts to prevent the potential for an attacker to compromise multiple accounts with a single reused password.
  • Contact askinfosec@wichita.edu or contact us at 978-4SEC and let them know you’ve responded with personal information to the email.