
Phishing and Scams

Phishing is a form of social engineering delivered by email. Phishing scams appear to originate from a trusted source to trick you into entering your credentials, revealing personally identifiable information (PII), or sending money to the attacker.

The attacker can then use this information to access your accounts, gather additional private information about you in an attempt to steal your identity, and make purchases or apply for credit in your name.

You can learn more about phishing and social engineering by reading the information here.

 

Phishing Tips

  • Hover your mouse over links in emails; the address that appears may be a different URL than the one displayed.
  • If you are encouraged to click a link that claims to lead to a legitimate site (such as Amazon), look online for a trusted URL leading to that site instead.
  • Check the sender address to verify that the email comes from an official source.
  • Check for slight misspellings - in the URL, company name, etc. For example, paypa1.com instead of paypal.com.
  • Use additional software - Many browsers have add-ons/extensions/plug-ins that can help detect phishing sites.
  • Be wary of anything that gives a sense of urgency, or states that it requires immediate action.
  • Don't click anywhere in suspicious emails, even in what may appear to be white space.
  • Be wary of too-good-to-be-true offers such as free airline tickets or vacation.
  • Don't open attachments in unexpected or suspicious emails or instant messages.
  • Don't send passwords, bank account numbers, or other private information in an email.
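
The link and misspelling tips above can also be checked automatically. The following is an added example, not part of the original page: it flags links in an HTML email body whose displayed URL differs from the real target, and targets that are look-alikes of a trusted domain. The allowlist, the substitution table and the sample email are assumptions made for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

TRUSTED = {"paypal.com", "amazon.com", "kent.edu"}         # assumed allowlist
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "5": "s"})  # assumed look-alike swaps
URL_TEXT = re.compile(r"^(https?://|www\.)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
# Constructed sample email body: one deceptive link, one harmless link.
SAMPLE = ('<p><a href="http://paypa1.com/login">https://www.paypal.com</a> '
          '<a href="https://www.amazon.com/orders">Your orders</a></p>')

def host_of(url):
    """Lower-cased hostname of a URL, or of bare text that looks like one."""
    if "//" not in url:
        url = "//" + url
    return (urlparse(url).hostname or "").lower()

def base_domain(host):
    """Naive registrable domain: the last two labels (enough for this demo)."""
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (href, reason) findings for the anchors in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = base_domain(host_of(href))
        # The displayed text is itself a URL, but it points somewhere else.
        if URL_TEXT.match(text) and base_domain(host_of(text)) != target:
            findings.append((href, "displayed URL differs from target"))
        # The target becomes a trusted domain once look-alike characters are undone.
        if target not in TRUSTED and target.translate(CONFUSABLE) in TRUSTED:
            findings.append((href, "look-alike of " + target.translate(CONFUSABLE)))
    return findings
```

Calling `check_links(SAMPLE)` reports the paypa1.com link twice (mismatched text and look-alike domain) and nothing for the Amazon link.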

Note that KSU will NEVER ask for your password through email.

For more advice on how to avoid phishing scams, visit our Fight the Phish page!

Have I Been The Victim Of A Phishing Scam?

If you believe that you have been the victim of a phishing scam, change your password immediately and report it to phish@kent.edu or submit a support ticket. Also, don't forget to check out our account security article for tips on how to keep your accounts safe. If you are using Gmail, you can also end all other active sessions. This should stop any unauthorized access to your account. Instructions on can be found here. You can also by following the instructions here.

When you fall victim to a phishing scam, it's common practice for the hackers to change your signatures, forwards, filters, and other settings. If you believe you fell victim to a scam, we recommend checking the following settings in your mail client.

  • A signature for an email is text that is automatically inserted at the end of an email. It is usually something you choose to set up. Make sure an unfamiliar one has not been set up.
  • Forwards can be set up to automatically forward your mail to another email address. Make sure your mail is not being forwarded to an unknown address without your permission.
  • Inbox rules/filters can be used to automatically sort or delete anything in your inbox, sent box, etc. Scammers can use them to redirect or hide their messages.
  • Check all of the folders in your email account - sometimes the malicious actor may create a new folder to store messages they send or receive, or move them into the Trash, when using your account to perform scams.

Don't Get Hooked Poster

What Are Scams?

Scams come in many forms and are a type of social engineering used to either gain your personally identifiable information (PII) or steal your money. They are getting more and more sophisticated, particularly when it comes to targeting you online and through mobile devices. It's important to know how to recognize a scam so you can protect yourself from fraudsters.

Note that KSU will NEVER ask for your password through e-mail, so be wary of anything that says otherwise.

Please report any scams you receive to phish@kent.edu. You can learn about additional ways to report phishing scams here: Report Phishing

How To Detect a Scam?

  • Scammers pretend to be from organizations you know
  • They pretend that you won a prize or that there is a problem
  • Scam calls will usually pressure you to act immediately
  • If it sounds too good to be true, then it probably is
  • Scammers will tell you to pay in a specific way

Steps To Avoid Scams

  • Don't give out any personal information
  • Resist pressure
  • Block unwanted calls or messages
  • Don't click on any pictures, links, or white spaces in a suspicious email
  • Stop and talk to someone before taking action or giving out any information

Please refer to the site to read more about common scams and how to report them.

 

In this type of scam, scammers send deceptive emails that appear to be legitimate transaction confirmations from legitimate companies. In scams that target KSU, the most commonly impersonated company on an invoice tends to be Geek Squad. However, any legitimate business can be impersonated in this scam. These emails typically include details about an immediate subscription renewal or an order that you have no knowledge of.

Fraudulent Invoice Poster

Scammers use fake invoice numbers, renewal dates, and other order details to make the email appear genuine. They also use similar logos and promotional banners to make the email look legitimate, ensuring their target believes them. Furthermore, the scammers will include a fake customer support number that they control and tell recipients to call it if they need assistance with their order.

 

How Does it Work?

As soon as the recipient calls the provided number, the scammers will claim that a transaction has occurred from the recipient's account. To deceive their victims, the scammers offer to cancel the transaction if you provide them with personal information or access to your computer. If they gain remote access to your personal computer, they may install spyware and steal your personal data and banking credentials.

It's crucial to note that legitimate employees should never ask for passwords over the phone. If you are asked for other sensitive information over the phone, such as your social security number, make sure that you are contacting a trustworthy number.

 

How to Avoid?

The best way to avoid falling victim to a fraudulent invoice scam is to avoid clicking on links and downloading attachments. If a support number is provided, remember to never call numbers that you aren't familiar with. Also, always remember to avoid sharing personal details with individuals that you don't recognize via email or any other medium.

If you have received an email supposedly from a legitimate business, but have concerns that it might be a scam, forward it to the phish team at phish@kent.edu. You can read more information about how to report an email here!

 

Examples

Below are some real examples of this email, in both email and PDF form.

An example of a fraudulent invoice phishing email.

This email contains an email address that does not belong to Geek Squad, a link that you can click on, a fraudulent customer support number that you are urged to call, and poor grammar. All of these red flags indicate that this is not a legitimate Geek Squad invoice.

 

An example of a fraudulent invoice phishing email.

This PDF contains the fraudulent customer support number in three different places. This also shows that your payment will be made to an account registered under a generic Gmail address, which would never be used for real Geek Squad payments.

 

More Resources

regarding fraudulent invoice scams.


File sharing phishing emails are very common. This scam utilizes services such as Google Drive or Microsoft OneDrive to share a file with you. This file will have an important-sounding name, often involving payroll or employee benefits. The scammer will also use an account with an email address that sounds as if it might belong to the university's payroll team, HR department, and other administrative offices. The goal is to get you to click the link and open the file, then complete the tasks within. Read on to learn what these phishing emails look like, what is contained within the shared file, and how to avoid falling prey to one of these attacks!

File Sharing Poster

 

The Structure of the Email

File sharing emails can be especially tricky to recognize because they are often sent by a legitimate email address. When a file is shared through email using a Google or Microsoft service, the sender's email address is a generic no-reply address, not the email address associated with the account sharing the file.

The email should contain the name of the file that has been shared with you. What does the title say? If it claims to be full of payroll or benefits information, were you expecting such a message? Were you contacted by the relevant department or organization before receiving this email?

Another important red flag in these phish is the account sending the file. Although the account may have the name of your supervisor or a trusted department, be sure to check the account's email address before clicking the link. Sometimes, the sender may be a compromised account. In this case, the message will come from a trusted @kent.edu account and will be difficult to recognize as a phish. However, there are a few things you can look for. Was the file shared at an unusual time? Were you expecting a file from this individual? Does it relate to your work in any way? If anything about the file seems suspicious, it may be malicious.

If you have any doubts about the email's authenticity, we are here to help! Forward the message to phish@kent.edu. We will respond with an analysis of the email and our recommended next steps for you to take.

 

What's Inside the File?

Image of a fish inside a stack of papers.

This scam is a bit more complex than most. The link to the file shared with you by the scammer may not be malicious, though you still should never risk clicking on a dangerous link. If the link is safe, it will lead to a Google Doc or Microsoft Word document with a message for you. This message may ask for your credentials, personal information, or banking information, and will contain another link or a QR code. This link contains the true danger.

The malicious link in the form (or QR code) will take you to a webpage set up by the scammer. This site may download malware onto your device as soon as you click its link. The site may also display a form or a fraudulent login screen that requests your information or credentials. Once this information is entered and submitted, it is sent directly to the scammer.

 

What if it's from DocuSign?

A variant of this scam features an email that appears to come from DocuSign, sent on behalf of a university office. These emails often contain malicious links or QR codes that lead directly to the malicious site.

These emails are easier to recognize as scams for one reason: KSU no longer uses DocuSign for electronic signatures. If you receive an email from an individual claiming to represent a university office or department that asks you to use DocuSign, report the email to phish@kent.edu right away.

 

What Should I Do?

If you suspect your device has become infected with malware, disconnect it from the university's network and take it to the Tri-Towers Help Desk for inspection. Students and faculty should also reach out to the .

If you fell victim to this scam, you will need to change your password by logging into FlashLine, clicking "Settings," clicking "Update Password," and entering your current and new passwords when prompted.

If you provided your banking information to the scammer, you will need to contact your bank immediately and tell them all the information that the scammer now has access to.

The email itself can be reported to phish@kent.edu. You can find more information on how to report phishing emails here!

Types of Phishing and Scams

Scammers will use many different methods to try and trick you into giving them important information. Click one of the topics below to learn more about phishing techniques, common scams, and additional advice to help keep yourself safe!

  • Scammers will employ various techniques during their phishing campaigns. These are designed to make their attacks more effective, and are often changed depending on the target. Click one of the topics below to learn how to identify and protect yourself from these techniques!

  • There are many different types of online scams that are designed to steal your money, identity, credentials, and other sensitive information. Though some of these scams seem very different from the others, most scams share several common red flags. Click one of the topics below to learn more about how these scams work, and how to protect yourself and others from them!

  • When it comes to phishing, scams, and online security, there's a lot to learn. Knowledge is the best defense against cyberattacks. Click any of the articles below to learn more about a topic of interest!