Date: 2017-02-17

We all get those pesky emails, you know the ones with URGENT in the subject line, telling us our student email account will be deleted unless we click the handy-dandy link in the email.

But by now we should know the truth: Click the link and you likely just fell victim to a phishing scheme. Your information—ID number, PIN code and even your social security number, depending on the scheme—could fall into the hands of a hacker.

Lisa Moore, IT Communication and Student Support Services Manager at EKU, said that phishers can profit handily, potentially making millions of dollars, by hacking into student accounts.

Being aware of what you have in your email signature can keep you from danger, Moore said. Some students put their 901 student ID numbers in their email signatures, which hackers can easily pick up and use to go deeper into those students’ accounts.

“Phishing scams are getting worse, but that’s the case everywhere,” Moore said.

Moore said that some of the worst scams on campus were ransomware attacks, where the hackers encrypt data until you pay them. Employees and students were infected with it.

Tips to avoid phishers’ nets:

Simple ways to prevent hacking include using a variety of passwords, a different one for each account, instead of just one for all of them. Follow EKU IT on Twitter @EKUITColonels and they will post a screenshot of the questionable email and let you know it’s not safe. You can also forward suspicious emails to spam@eku.edu and ask if it’s legit.

If you find yourself a victim of a phishing scheme, the first step is to change your password on your email account. The next step is to check if your email has email forwarding turned on. If your account was hacked, the hacker turned on email forwarding so they can get all of your emails. If you have email forwarding on, then you know you were hacked.

If you ever get an email you’re not sure about, Moore said to look for any kind of urgency in the email, such as “you’re going to lose your email if you don’t click this link!” Any unexpected attachments on emails should be left alone. Phishing emails frequently also have misspellings or grammar mistakes.

If an email says it’s from IT, there’s a way to check that, too. IT will never ask you to change your password. An email asking you to change your password is a phishing email.

EKU IT recently set up a new phishing detection program to help IT find and knock out phishing.

“We’ve enacted a program where if we see a student email sending out more than 750 emails, their email account and password are automatically reset and the forwarding option turned off,” Moore said. “If we see the hacks, IT can take care of it from their end, but the student has to contact IT or EKU Direct to reset their password.”