Skip to content

Phishing – Don’t Get Hooked!

Phishing attacks – attempts to trick you into giving away personal information that can be used to access email and personal bank accounts – have become more frequent and sophisticated. It’s easy to mistake these these scams for legitimate requests, but there are some simple steps you can follow to avoid becoming a victim, and protect yourself and your personal information from scams.

    1. Never respond to emails or phone calls that ask you for any of the following information:
      • Account username
      • Passwords
      • Your birth date
      • Account numbers
      • Bank or credit card pin numbers
      • Credit card expiration date
      • Universities and financial institutions – including UMKC – will not ask for personal account information via email. In addition, the UMKC IS Call Center will not ask for your password via email.

    2. Never click on links in email asking you to verify account information. 
      UMKC will not ask you to click a link to verify account information via an email message.

      UMKC sends two types of account notices via email:

      • SSO password expiration notification messages –  these messages do not ask you to click on a link to update your password, rather, they instruct you how to navigate to a website to do so.
      • Notices of account closure to students, faculty and staff when their enrollment or employment with UMKC has ended – these notices never request any personally identifiable information. However, we ask that recipients of closure notices who believe they have received the notice in error respond via email to report their current status or to provide a reason to retain the account.

      If you doubt the legitimacy of a message that appears to come from UMKC, contact the IS Call Center for assistance.
    3. Use common sense.
      • Always verify the URL (address) of the page that you are entering your information into. Phishing sites may rely on similar URLs, such as,, to fool users. Alternatively, phishing emails may display a link that appears to go to one site, but in reality goes to another. Always visit the site manually and don’t rely on the link in the message.
      • Think twice about using the “opt-out” option that many junk emails offer in their messages. Clicking the “opt-out” button tells a mass mailer that the email address is valid and that someone is reading it. An “opt-out” option is generally only effective when the message comes from a reputable company.
      • Don’t give out your university email address to non-trusted sources (i.e.: free promotions, website registrations, sales people, contests, etc.). If you must provide an email address on a web form, establish a separate email account (e.g., Yahoo Mail, GMail, Hotmail, etc.) or read the provision of the website’s privacy policy about distributing email addresses. Generally speaking, reputable companies do not sell or distribute email addresses.
    When in doubt, contact the UMKC IS Call Center to verify the legitimacy of a message before responding.