Information Security Office
What is Phishing?
Phishing is a common scam that attempts to lure you into giving up your username, password, or other sensitive information by masquerading as someone you know and trust. This can be done by phone, but is typically done in email. The email may appear to come from ECSU or another company you do business with, and it often asks you to click a link, open an attachment, or reply with your account or personal information.
Tips to Spot Phishing
- Be suspicious of email alerting you to problems with your account, or those labeled “Urgent”, or require “Immediate Action”.
- Be suspicious of attachments and only open those that you were expecting.
- Be suspicious of email from a friend or colleague that look odd or out of place. If their email account has been compromised by an attacker, it could be used to send phishing email.
- Examine the sender's email address. Be causious of email addresses you do not recognize, especially those requiring action from you or those with attachements.
- Examine the underlying URL of any links. Regardless of how the link is labeled in the email, the URL that the link points to in a phishing scam email will not be a “www.ecsu.edu” address.
Click HERE to see an example of an email phishing scam.
Information for Victims
Contact IT Support
If you responded to a phishing message, report your response to Information Security at firstname.lastname@example.org. If you are an ECSU employee, it is essential that you tell us whether or not you released any ECSU institutional data or personal information about university faculty, staff, students, or alumni.
Change Your Password
If you responded with your username and password, please change your password immediately. If you require assistance, please contact the the Helpdesk at (252)335-3532.
If You Believe You are the Victim of Identity Theft
- Contact the ECSU University Police in 136 Thomas-Jenkins Bldg. to file a police report.
- Refer to the FTC website on repairing identity theft.
- Obtain your credit reports from Equifax, TransUnion, and Experian and place them on a "fraud alert." Consider a "security freeze" on your credit, which is stronger than a fraud alert but prevents 3rd party access to your credit report. Consult with one of the three credit agencies for more details.
- Consider a credit monitoring service.
- Close any accounts, particularly financial accounts, that might be affected and open a new account.
Thanks to WKU for this great information.