UK ITS warns UK community of sophisticated social engineering cyber threats

Have you recently received an email warning you that your access to M365 Office will be shut down or deactivated because you’ve recently graduated, retired or have transferred? These are phishing attempts aimed at gaining access to your personal and UK information. 

University of Kentucky Information Technology Services (UK ITS) cyber security experts say it’s crucial to spot and report these types of phishing emails because falling victim to them may not only compromise your account, but it may harm the university community. 

Normally, spotting phishing emails is easy because of poor grammar usage and typos, but threat actors are beginning to use artificial intelligence chat sites to compose emails that sound legitimate. And in recent instances, these emails then link to Google forms, which users have filled out with personal information including passwords.

“These URLs are not malicious in nature — they're just Google Forms," said ITS Director of Cybersecurity John Lewis. "However, if users input sensitive information such as passwords or MFA codes into these forms, attackers can easily take over the account. Furthermore, if users then communicate via text messages or provide information over the phone, it limits our ability as a cybersecurity team to respond and mitigate potential threats." 

UK ITS wants the university community to be on the lookout for these types of phishing scams. Here are some important tips to remember. 

• UK ITS will never reach out to you to ask for password. Never share your password unless you have called IT technical support directly. 
• Do not approve multi-factor authentication pushes if you have not requested one. This type of cyber threat is called MFA fatigue. Cyber criminals likely have your password and only need you to approve an MFA code and often request them multiple times until you approve.  
• Always check the sender’s email address. UK ITS emails end with a .uky.edu email address. Recent threat actors have used non-UK Gmail and other addresses to threaten UK students, faculty and staff with account deactivations.  
• Never fill out forms sent via email regarding your UK account status. (See example screenshot to the right.) Any changes to your UK account must be made through the Account Manager at ukam.uky.edu, not a form. You will then be notified of any changes via your UK email. Report suspicious emails. This allows UK ITS to handle phishing and social engineering attempts. Step by step instructions can be found in How do I report spam and phishing emails? 
• Be cautious about giving away personal information in a text or phone call. The only contacts that should ever ask for your UK account information would be ITS Customer Services 859-218-HELP (4357) or UK HealthCare IT at 859-323-8586. Do not give any account information over the phone unless you have called them directly. UK ITS cannot help with cyber-attacks that happen over personal devices. 

When these types of attacks gain sensitive information, it can affect your credit score, compromise bank information or other types of information and make it costly to recover.

Reporting phishing on takes a minute by clicking the email icon with the yellow exclamation point in Outlook. 

Sign up for UK ITS alerts, news and cyber security tips here. Follow us on social media for more information.