Did you get the memo?

On Friday, January 30, 2009, a memo went out to all KU faculty, staff, and students. It read a little something like this:

This is a reminder that KU will NEVER ask for your password via email.

There are at least two widely circulating emails (phishing attacks) that claim your account will be deactivated if you do not send your username and password. One of these specifically claims to be from "Support Team, University of Kansas." It is not.

Please DO NOT RESPOND to these messages. If you have responded to any of them you should change your password immediately and notify the KU IT Security Office by email to itsec@ku.edu or by phone at 785-864-9003 so that we can check your account for unauthorized use.

If you have not changed your password since January 15 you will begin to see the regular password change reminder each time you log on with your KU Online ID beginning on February 1. The spring password change must be completed by March 1.

Information Technology

A Division of Information Services
www.technology.ku.edu

We talk a lot about phishing on this blog. Here's the thing, though: all of these scams are essentially the same. These messages are all wolves in sheep's clothing, but sometimes the wolves accessorize differently. They might wear black shoes instead of brown, they may put on different earrings, but the effect is still the same: they are bad guys trying to get good guys to part with their confidential information.

If we posted a blog entry every time a new phishing e-mail came out, we'd need to hire a full-time blogger just to keep up with the posts. So here are some iron-clad tips to help you avoid getting phished:

  1. SLOW DOWN and READ the message before you respond.
     More than a few people have told us that they just "replied before they got a chance to think about it."
  2. Look for messages that attempt to convey a sense of urgency.
     "Your account access will be disabled." "Respond now to increase your mailbox size." "We will report you to the authorities if you do not respond." See that? They're trying to scare you into acting without thinking.
  3. Watch out for messages that ask for information the requester should already have.
     Your e-mail provider (KU, Google Mail, Yahoo, whoever) already knows your password. They do not need to be reminded of it--EVER. Your bank already knows your account number and PIN. The IRS already has your Social Security Number. Can you see where we're headed with this?
  4. The messages tend to get little details wrong.
     If you've been around KU for any length of time, you'll start to get a feel for what departments are named. If you're not sure, why not do a search from www.ku.edu? We have this spiffy search box in the upper right-hand corner. It's even powered by Google. Want to take a different tack? Try a search that looks like this from www.google.com: site:ku.edu help desk. That tells Google to only search sites in the ku.edu domain. It's a handy trick to know, and it can help you figure out if an e-mail is coming from who it claims to be coming from.
  5. Look at the header--the "To, From, Subject" stuff.
     Tell me something: does this message look like it really and truly is from someone at KU?
From: Kansas University Mail Admin [mailto:kansas.8@maillier.com]
Sent: Tuesday, February 03, 2009 12:34 AM
To: ""@localhost.cc.ku.edu
Subject: Confirm Email Account

Do you see the issues here? Let's point them out:

From: Kansas University Mail Admin [mailto:kansas.8@maillier.com] <--That's not what we call our mail admin, and furthermore that's not a domain we use.
Sent: Tuesday, February 03, 2009 12:34 AM <--Our sysadmins work hard, but we don't make them send messages in the middle of the night. They need sleep too!
To: ""@localhost.cc.ku.edu <--No. Just...no. This wasn't sent to you, unless your e-mail address is ""@localhost.cc.ku.edu, which it isn't.
Subject: Confirm Email Account <--Again, trying to get you to act without thinking.
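The four header red flags pointed out above can be turned into a small automated check. This is an added example, not code from the Be SeKUre blog or KU IT; the trusted-domain list and the working-hours window are assumptions, and the sample header is the phishing header quoted in the post.

```python
# Added example, not from the Be SeKUre post: applies the four header red flags
# discussed above to a captured header. Trusted domains and the working-hours
# window are assumptions; the sample header is the one quoted in the post.
import re
from datetime import datetime

TRUSTED_DOMAINS = ("ku.edu",)  # assumption: genuine KU admin mail comes from ku.edu hosts
URGENT_WORDS = ("confirm", "verify", "disabled", "deactivat", "respond now", "authorities")

SAMPLE_HEADER = """From: Kansas University Mail Admin [mailto:kansas.8@maillier.com]
Sent: Tuesday, February 03, 2009 12:34 AM
To: ""@localhost.cc.ku.edu
Subject: Confirm Email Account"""

def parse_header(text):
    """Turn 'Field: value' lines into a dict keyed by lower-case field name."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        key = name.strip().lower()
        if sep and key not in fields:
            fields[key] = value.strip()
    return fields

def trusted_sender(from_value):
    """True only if the address in the From: line is under a trusted domain."""
    m = re.search(r"[\w.+-]+@([\w.-]+)", from_value)
    domain = m.group(1).lower() if m else ""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_header(text):
    """Return the red flags found, in the order the post lists them."""
    h = parse_header(text)
    flags = []
    if not trusted_sender(h.get("from", "")):
        flags.append("From: address is not under a KU domain")
    try:  # assumption: admin mail goes out during a 07:00-19:00 working day
        sent = datetime.strptime(h.get("sent", ""), "%A, %B %d, %Y %I:%M %p")
        if not 7 <= sent.hour < 19:
            flags.append("Sent: at %s, outside working hours" % sent.strftime("%H:%M"))
    except ValueError:
        flags.append("Sent: field missing or unparseable")
    if not re.fullmatch(r"[\w.+-]+@[\w.-]+\.\w+", h.get("to", "")):
        flags.append("To: is not a real mailbox address")
    if any(w in h.get("subject", "").lower() for w in URGENT_WORDS):
        flags.append("Subject: uses urgency wording")
    return flags
```

Running check_header on the quoted header reports all four flags; a header from a ku.edu address, sent during the day to a real mailbox with a plain subject, reports none.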

We want to hear about it when someone attempts to phish your credentials. If you get a message that you suspect is fake, take the following steps:

  1. Do not respond. Not even to tell them to "go away."
  2. Attach the suspect message to blank e-mail and send it to abuse@ku.edu.
  3. Delete the suspect message.
  4. Rest easy knowing that you did not divulge sensitive personal information to a scammer.

Keep an eye on the Be SeKUre blog, our Twitter feed, and the IT Security Office website for updates and alerts.
