K-State employees have recently been targeted by a “TIAA-CREF re-authenticate your account” email phishing scam that has been involved in at least three rounds of attacks.
On July 6, Human Capital Services emailed K-State employees with a TIAA-CREF account that K-State is blocking the URL in the scam, so computers on the university network cannot access the intended web address.
If you have replied to the TIAA-CREF email scam or any other email that asked for account information, contact the IT Help Desk as soon as possible (214 Hale Library, firstname.lastname@example.org, 785-532-7722, toll-free 800-865-6143).
Simple rules will protect you from all kinds of scams: Never provide a password or personal identity information in response to email. Never use your K-State eID password on any other account.
More defenses against email scams
For starters, realize that K-State and other reputable entities will NEVER ask for password or personal identity information via email.
- Do not reply to scam emails. Don’t click on any links in email, and don’t fill out any forms. Delete requests immediately.
- Check K-State’s phishing-scams blog to see recent email scams and learn how to recognize scams.
- If you doubt the legitimacy of an email, ask your K-State IT support person or contact the IT Help Desk, 785-532-7722, 800-865-6143, email@example.com or call the company who is purported to have sent the email.
- Never use the same password for more than two accounts.
How email scams work
Phishing scams prey on your fears of losing something. They trick people into providing account and password data under the guise of “false emergency” emails, such as:
- “Your account or password has been changed/locked/updated”
- “Your mailbox storage is full”
- “Your data or photos will be lost”
However, once criminals have access to your accounts, you can lose your money, data, identity, contacts, and much more.
K-State resources protected by your eID/password
If a scammer gets your K-State eID password, they can access, control, and damage your K‑State resources and your personal identity information:
- Email/webmail account
- HRIS employee information system
- KSIS student information system
- Wireless campus networks
- K-State Online
If you have given anyone your K-State eID/password, go to eid.k-state.edu and immediately change your password.