Members of the UK community continue to be impacted heavily by a phishing scam that asks UK community members to fill out a Google form with their UK account information. These types of attacks can result in personal and financial information being compromised.
University of Kentucky Information Technology Services (UK ITS) cyber security experts say it’s crucial to spot and report these types of phishing emails because falling victim to them may not only compromise your account, but it may harm the university community.
“These URLs are not malicious in nature — they're just Google Forms," said ITS Director of Cybersecurity John Lewis. "However, if users input sensitive information such as passwords or MFA codes into these forms, attackers can easily take over the account."
UK ITS wants the university community to be on the lookout for these types of phishing scams. Here are some important tips to remember.
- UK ITS will never reach out to you to ask for a password. Never share your password unless you have called IT technical support directly.
- Do not approve multi-factor authentication pushes if you have not requested one. This type of cyber threat is called MFA fatigue. Cybercriminals likely have your password and only need you to approve an MFA code and often request them multiple times until you approve.
- Always check the sender’s email address. UK ITS emails end with a .uky.edu email address. Recent threat actors have used non-UK Gmail and other addresses to threaten UK students, faculty, and staff with account deactivations.
- Never fill out forms sent via email regarding your UK account status. Any changes to your UK account must be made through the Account Manager at ukam.uky.edu, not a form. You will then be notified of any changes via your UK email. Report suspicious emails. This allows UK ITS to handle phishing and social engineering attempts. Step-by-step instructions can be found in How do I report spam and phishing emails?
- Be cautious about giving away personal information in a text or phone call. The only contacts that should ever ask for your UK account information would be ITS Customer Services at 859-218-HELP (4357) or UK HealthCare IT at 859-323-8586. Do not give any account information over the phone unless you have called them directly. UK ITS cannot help with cyber-attacks that happen over personal devices.
More information can be found here.