Phishing scams target health care employees
ºÃÉ«ÏÈÉú Information Technology Services will never ask you to fill out a form with your account information.

JUNE 12, 2024

Members of the ºÃÉ«ÏÈÉú community continue to be impacted heavily by a phishing scam that asks ºÃÉ«ÏÈÉú community members to fill out a Google form with their ºÃÉ«ÏÈÉú account information.  These types of attacks can result in personal and financial information being compromised. 

University of Kentucky Information Technology Services (ºÃÉ«ÏÈÉú ITS) cyber security experts say it’s crucial to spot and report these types of phishing emails because falling victim to them may not only compromise your account, but it may harm the university community. 

“These URLs are not malicious in nature — they're just Google Forms," said ITS Director of Cybersecurity John Lewis. "However, if users input sensitive information such as passwords or MFA codes into these forms, attackers can easily take over the account."

ºÃÉ«ÏÈÉú ITS wants the university community to be on the lookout for these types of phishing scams. Here are some important tips to remember. 

  • ºÃÉ«ÏÈÉú ITS will never reach out to you to ask for a password. Never share your password unless you have called IT technical support directly. 
  • Do not approve multi-factor authentication pushes if you have not requested one. This type of cyber threat is called MFA fatigue. Cybercriminals likely have your password and only need you to approve an MFA code and often request them multiple times until you approve.  
  • Always check the sender’s email address. ºÃÉ«ÏÈÉú ITS emails end with a .uky.edu email address. Recent threat actors have used non-ºÃÉ«ÏÈÉú Gmail and other addresses to threaten ºÃÉ«ÏÈÉú students, faculty, and staff with account deactivations.  
  • Never fill out forms sent via email regarding your ºÃÉ«ÏÈÉú account status. Any changes to your ºÃÉ«ÏÈÉú account must be made through the Account Manager at ukam.uky.edu, not a form. You will then be notified of any changes via your ºÃÉ«ÏÈÉú email. Report suspicious emails. This allows ºÃÉ«ÏÈÉú ITS to handle phishing and social engineering attempts. Step-by-step instructions can be found in  
  • Be cautious about giving away personal information in a text or phone call. The only contacts that should ever ask for your ºÃÉ«ÏÈÉú account information would be ITS Customer Services at 859-218-HELP (4357) or ºÃÉ«ÏÈÉú HealthCare IT at 859-323-8586. Do not give any account information over the phone unless you have called them directly. ºÃÉ«ÏÈÉú ITS cannot help with cyber-attacks that happen over personal devices. 

More information can be found .

Share this Article

Latest Stories

The future of surgery: Augmented reality enhances ºÃÉ«ÏÈÉú residents’ skillset

Bridging the gap: ºÃÉ«ÏÈÉú’s Transition to Residency prepares medical students for intern year

ºÃÉ«ÏÈÉú study highlights harmful connection between obesity, kidney disease

Congratulations to the 2025 MVPE Awardees
View All News