Kansas State University

search

IT News

Category: Security

Malware filtering applied to email attachments

Office 365 and Outlook logosIn an ongoing effort to keep K-State’s systems and services safe, malware filtering has been activated for K-State’s email. The filter protects the mail system and individual mailboxes from malicious software by blocking attachments that are commonly used to transmit viruses or malicious software.

The malware filtering is applied to all K-State email: Office 365 webmail and Outlook. All incoming and outgoing email is filtered. Go to File Attachment Types Blocked By K-State Email to view a complete listing of the filetypes currently being blocked, along with common file extensions for the specific filetypes. Continue reading “Malware filtering applied to email attachments”

Duo: April 2 enrollment deadline for faculty/staff Group 5

by Information Technology Services

Members of Duo enrollment Group 5 will receive their enrollment email on Tuesday, March 19, with an enrollment deadline Tuesday, April 2.

K-State password + Duo (second-layer security) = Access

Continue reading “Duo: April 2 enrollment deadline for faculty/staff Group 5”

Office 365: Gift card warning notification

Over the last few months, K-State has seen an increase in gift card scams. As you may have noticed a feature has been turned on in Office 365 that warns K-Staters about messages that contain the words “gift card” whether it is in subject line or in the body of the message. If the system detects those words, it will display the following disclaimer in your message:

**These messages have been known to be malicious. Please, be very cautious with these messages.**

You will most likely receive emails that are legitimate and emails that are scams. Review the email carefully before responding. The following are some examples:

Gift card email example

Notice a few things:

  • The email address seem suspicious.
  • The request is urgent. All scams put some sort of emergency in the request.
  • There are typos.

Continue reading “Office 365: Gift card warning notification”

Duo: March 12 enrollment deadline for faculty/staff Group 4

by Information Technology Services

Members of Duo enrollment Group 4 will receive their enrollment email on Tuesday, Feb. 26, with an enrollment deadline Tuesday, March 12.

K-State password + Duo (second-layer security) = Access

Continue reading “Duo: March 12 enrollment deadline for faculty/staff Group 4”

Phishing scams with invoices

K-State is getting hit hard with phishing scams currently. The latest type of scam we are seeing comes in the form of an invoice.

From: Jason White
Sent: Monday, February 11, 2019 12:27 PM
To: **********
Subject: last bill from Jason White
Jason White
Please view your last bill.
Account Number: B13661
Invoice Number Amount
1548201 851.60
Click below to connect eInvoice Payment System
eInvoice Connect
If the above button doesn’t work, please click or copy the below link to your browser
http://secure.accs.send.com/
Thank you for using Jason White eInvoice Connect System

Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in an email.

Cybercriminals are trying to manipulate people into doing what they want so they can steal your information and money.

See the “Students on financial aid are being targeted in phishing attacks” article for more tips on how to stay safe.

See the Scams blog to view recent scams.

Students on financial aid are being targeted in phishing attacks

When in doubt, throw it outThis is the time of year when scams target students during periods when financial aid funds are disbursed. Cybercriminals use types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money.

Generally, the spear phishing emails request students’ login credentials for the University’s Student Information System. The cybercriminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the cybercriminal’s control.

Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in an email.

Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net). Hover your mouse cursor over the link until a pop-up shows that link. If the link in the email doesn’t match the pop-up destination, don’t click it. On mobile devices, holding down your finger on a link gets the same pop-up.

Be aware of emails with a sense of urgency, demanding “immediate action” before something bad happens, like closing your account. The scammer is trying to rush you into making a mistake.

Watch for emails with an attachment you were not expecting or the email entices you to open the attachment. Examples are emails saying it has an attachment with details of financial aid or a letter from the IRS saying you are being prosecuted.

If the message appears from someone you know, but the tone or wording doesn’t sound like the individual, delete. When in doubt, call the sender to verify they sent it. Cyber attackers easily create emails that appear to be from a friend or coworker.

Send scam emails or any questionable email to abuse@ksu.edu. If you have any questions, contact the IT Help Desk (helpdesk@ksu.edu or 532-7722).

Be aware of increase in university phishing scams

When in doubt, throw it outIt’s that time of year when the university sees an increase in the number of phishing scams. Phishing scams are used to trick you into giving up your credentials (eID and password). Once you give up your credentials, the scammer has access to all your K-State accounts (eProfile, Canvas, KSIS, HRIS, wireless and more).

The iTunes Gift Card scam is a common one where an email appears to come from your boss, who states she/he is in a hurry, and requests that you purchase a specific number and denomination of iTunes gift cards. The codes on the gift cards are hard to trace and one of the reasons scammers use this method of phishing. Another common scam is that your boss is inviting you to a meeting.

Some hints that the email is a scam including misspellings, typos and poor grammar, the tone of the email including the use of the word “urgent”, and the use of a fake web address.  When in doubt, delete.

Remember: Don’t be duped. You are responsible and the best line of defense to protect your identity, personal information and university resources.

K-State will never ask for your eID, password, etc. by email or in a survey. If you are uncertain about the legitimacy of an email, check the Phishing scams website, where you can find the scams that have been blocked by K-State When in doubt don’t respond, just delete. For tips on how to avoid phishing scams, see the “Learn what it takes to refuse the phishing bait!” article.

Report phishing scams to abuse@ksu.edu and be sure to include the email headers in your message.

Contact the IT Help Desk (helpdesk@ksu.edu or 785-532-7722) if you have additional questions about phishing scams.