Kansas State University


IT News

Dangerous phishing-scam emails steal more than passwords

by Information Technology ServicesK-State will never ask for your password in an email

K-State employees have recently been targeted by a “TIAA-CREF re-authenticate your account” email phishing scam that has been involved in at least three rounds of attacks.

On July 6, Human Capital Services emailed K-State employees with a TIAA-CREF account that K-State is blocking the URL in the scam, so computers on the university network cannot access the intended web address.

If you have replied to the TIAA-CREF email scam or any other email that asked for account information, contact the IT Help Desk as soon as possible (214 Hale Library, helpdesk@k-state.edu, 785-532-7722, toll-free 800-865-6143).

Simple rules will protect you from all kinds of scams: Never provide a password or personal identity information in response to email.  Never use your K-State eID password on any other account. 

More defenses against email scams

For starters, realize that K-State and other reputable entities will NEVER ask for password or personal identity information via email.

  1. Do not reply to scam emails.  Don’t click on any links in email, and don’t fill out any forms. Delete requests immediately.
  2. Check K-State’s phishing-scams blog to see recent email scams and learn how to recognize scams.
  3. If you doubt the legitimacy of an email, ask your K-State IT support person or contact the IT Help Desk, 785-532-7722, 800-865-6143, helpdesk@k-state.edu or call the company who is purported to have sent the email.
  4. Never use the same password for more than two accounts.

How email scams work

Phishing scams prey on your fears of losing something.  They trick people into providing account and password data under the guise of “false emergency” emails, such as:

  • “Your account or password has been changed/locked/updated”
  • “Your mailbox storage is full”
  • “Your data or photos will be lost”

However, once criminals have access to your accounts, you can lose your money, data, identity, contacts, and much more.

K-State resources protected by your eID/password

If a scammer gets your K-State eID password, they can access, control, and damage your K‑State resources and your personal identity information:

  • Email/webmail account
  • HRIS employee information system
  • KSIS student information system
  • Wireless campus networks
  • K-State Online

If you have given anyone your K-State eID/password, go to eid.k-state.edu and immediately change your password.

About Betsy Edwards

• Web/information specialist in Information Technology Services • Editor/writer, K-State IT communications • IT News blog moderator • ETDR specialist