Kansas State University

search

IT News

Category: Security

Duo: April 2 enrollment deadline for faculty/staff Group 5

by Information Technology Services

Members of Duo enrollment Group 5 will receive their enrollment email on Tuesday, March 19, with an enrollment deadline Tuesday, April 2.

K-State password + Duo (second-layer security) = Access

Continue reading “Duo: April 2 enrollment deadline for faculty/staff Group 5”

Office 365: Gift card warning notification

Over the last few months, K-State has seen an increase in gift card scams. As you may have noticed a feature has been turned on in Office 365 that warns K-Staters about messages that contain the words “gift card” whether it is in subject line or in the body of the message. If the system detects those words, it will display the following disclaimer in your message:

**These messages have been known to be malicious. Please, be very cautious with these messages.**

You will most likely receive emails that are legitimate and emails that are scams. Review the email carefully before responding. The following are some examples:

Gift card email example

Notice a few things:

  • The email address seem suspicious.
  • The request is urgent. All scams put some sort of emergency in the request.
  • There are typos.

Continue reading “Office 365: Gift card warning notification”

Duo: March 12 enrollment deadline for faculty/staff Group 4

by Information Technology Services

Members of Duo enrollment Group 4 will receive their enrollment email on Tuesday, Feb. 26, with an enrollment deadline Tuesday, March 12.

K-State password + Duo (second-layer security) = Access

Continue reading “Duo: March 12 enrollment deadline for faculty/staff Group 4”

Phishing scams with invoices

K-State is getting hit hard with phishing scams currently. The latest type of scam we are seeing comes in the form of an invoice.

From: Jason White
Sent: Monday, February 11, 2019 12:27 PM
To: **********
Subject: last bill from Jason White
Jason White
Please view your last bill.
Account Number: B13661
Invoice Number Amount
1548201 851.60
Click below to connect eInvoice Payment System
eInvoice Connect
If the above button doesn’t work, please click or copy the below link to your browser
http://secure.accs.send.com/
Thank you for using Jason White eInvoice Connect System

Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in an email.

Cybercriminals are trying to manipulate people into doing what they want so they can steal your information and money.

See the “Students on financial aid are being targeted in phishing attacks” article for more tips on how to stay safe.

See the Scams blog to view recent scams.

Students on financial aid are being targeted in phishing attacks

When in doubt, throw it outThis is the time of year when scams target students during periods when financial aid funds are disbursed. Cybercriminals use types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money.

Generally, the spear phishing emails request students’ login credentials for the University’s Student Information System. The cybercriminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the cybercriminal’s control.

Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in an email.

Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net). Hover your mouse cursor over the link until a pop-up shows that link. If the link in the email doesn’t match the pop-up destination, don’t click it. On mobile devices, holding down your finger on a link gets the same pop-up.

Be aware of emails with a sense of urgency, demanding “immediate action” before something bad happens, like closing your account. The scammer is trying to rush you into making a mistake.

Watch for emails with an attachment you were not expecting or the email entices you to open the attachment. Examples are emails saying it has an attachment with details of financial aid or a letter from the IRS saying you are being prosecuted.

If the message appears from someone you know, but the tone or wording doesn’t sound like the individual, delete. When in doubt, call the sender to verify they sent it. Cyber attackers easily create emails that appear to be from a friend or coworker.

Send scam emails or any questionable email to abuse@ksu.edu. If you have any questions, contact the IT Help Desk (helpdesk@ksu.edu or 532-7722).

Be aware of increase in university phishing scams

When in doubt, throw it outIt’s that time of year when the university sees an increase in the number of phishing scams. Phishing scams are used to trick you into giving up your credentials (eID and password). Once you give up your credentials, the scammer has access to all your K-State accounts (eProfile, Canvas, KSIS, HRIS, wireless and more).

The iTunes Gift Card scam is a common one where an email appears to come from your boss, who states she/he is in a hurry, and requests that you purchase a specific number and denomination of iTunes gift cards. The codes on the gift cards are hard to trace and one of the reasons scammers use this method of phishing. Another common scam is that your boss is inviting you to a meeting.

Some hints that the email is a scam including misspellings, typos and poor grammar, the tone of the email including the use of the word “urgent”, and the use of a fake web address.  When in doubt, delete.

Remember: Don’t be duped. You are responsible and the best line of defense to protect your identity, personal information and university resources.

K-State will never ask for your eID, password, etc. by email or in a survey. If you are uncertain about the legitimacy of an email, check the Phishing scams website, where you can find the scams that have been blocked by K-State When in doubt don’t respond, just delete. For tips on how to avoid phishing scams, see the “Learn what it takes to refuse the phishing bait!” article.

Report phishing scams to abuse@ksu.edu and be sure to include the email headers in your message.

Contact the IT Help Desk (helpdesk@ksu.edu or 785-532-7722) if you have additional questions about phishing scams.

Duo: Feb. 12 enrollment deadline for faculty/staff Group 2

To facilitate implementation of Duo, faculty/staff have been assigned to Duo enrollment groups. Members of Group 2 will receive their enrollment email on Tuesday, Jan. 29, with an enrollment deadline Tuesday, Feb. 12.

K-State password + Duo (second-layer security) = Access

Continue reading “Duo: Feb. 12 enrollment deadline for faculty/staff Group 2”

Duo, new IT security layer, has Jan. 29 enrollment deadline for faculty/staff Group 1

As President Myers announced last week, K-State is using a second layer of security called Duo for the university’s online applications and systems, in addition to eID/password sign-in.

K-State password + Duo (second-layer security) = Access

To facilitate implementation, faculty/staff have been assigned to Duo enrollment groups. Members of Group 1 will receive their enrollment email on Tuesday, Jan. 15, with an enrollment deadline Tuesday, Jan. 29.

For security reasons, group lists and enrollment timelines will not be made public. Continue reading “Duo, new IT security layer, has Jan. 29 enrollment deadline for faculty/staff Group 1”

Connecting to Windows Software Update Service (WSUS)

Make it easy to keep your computer safe with K-State’s Windows Software Update Service (WSUS), for K-State owned computers. WSUS deploys the latest Microsoft product updates to computers running Microsoft Windows. Computers connected to the WSUS server automatically receive critical/security patches. Windows 10 version updates (e.g. Creators Update 1703) will be released on a managed schedule and email communication will go out prior to each release.

K-Staters located on the Manhattan, Olathe, or Salina campus are encouraged to use WSUS on their university owned machines running Windows 10 Pro or Enterprise. See the K-State’s Windows Software Update Service (WSUS) knowledge base article for instructions on how to set up the service.

University PPM 3430 Security for Information, Computing and Network Resources requires the latest security patches available to be installed.

Contact your departmental IT support or the IT Help Desk (helpdesk@ksu.edu, phone: 532-7722) to determine what your department is doing to keep your computers up-to-date.