NEVER accept a DUO Multifactor Authentication request if you did not attempt to log in recently!
If you receive an unsolicited DUO push, immediately go to https://netid.kennesaw.edu and reset your password.
The Phish Market is a list of recent emails that were reported to the KSU Office of
Cybersecurity as possible phishing attempts on the University community. The Office
of Cybersecurity has confirmed these messages as malicious phishing attempts. If you
have received an email that you believe may contain a phishing attempt, it is possible
that some of the language and links differ from similar messages posted on the Phish
Market. It is not uncommon for malicious actors to create variant messages.
We update this list regularly but it is possible that you received the message before it is published to the Phish Market. If you mistakenly provided credentials to a confirmed phishing email, please change your NetID password immediately at https://netid.kennesaw.edu. If you receive a suspicious email not in the Phish Market, please forward it to email@example.com.
Email is the official method of communication at Kennesaw State University. All announcements and business related correspondence are conducted through official Kennesaw State University email accounts. Any email claiming to be an employee of the university that does not originate from an “@kennesaw.edu” address should be held in suspicion, especially if it claims to be from a person of leadership. Please follow the reporting instructions above if you receive suspicious emails that meet these criteria.
How can you identify what is a legitimate email message and what is not?
- Look for [EXTERNAL] in the email subject line and inspect the display name on the "From:" address. Verify that the name on the email corresponds with the email address. For example, the name on the address could be KSU Service Desk, but if the email address does not contain "@kennesaw.edu," the email is likely spam or phishing.
- Check (but do not click) the links to web sites. Hover your cursor over any links in the message and note the address. Does the address make sense and match the rest of the content of the email? For example, links to most KSU or USG sites will include kennesaw.edu or usg.edu. The same is typically true of other companies.
- Take time to think it through - it is easy to forge an "official" email. Phishers can use company logos, photos, and even spoof email addresses to make their attempts look more legitimate. Take extra caution in reviewing an email that you did not expect to receive and asks you to take action.
- Report malicious/suspicious emails. If you have reviewed the email and are still unsure of its authenticity, please forward it to firstname.lastname@example.org for the Office of Cybersecurity to review.