K-State is seeing a significant increase in the number of phishing scams within the last few days. Phishing scams are used as a way to trick you into giving up your credentials (eID and password). Once you give up your credentials, the scammer has access to all your K-State accounts.
There have been 239 phishing scams — some duplicates — resulting in 43 compromised accounts since Mon., June 11. The compromised accounts are then used to send additional phishing scams.
K-State will never ask for your eID, password, etc. by email or in a survey. If you are uncertain about the legitimacy of an email, check the Phishing scams website. When in doubt, don’t respond; just delete.
Report phishing scams to firstname.lastname@example.org and be sure to include the email headers in your message.
Contact the IT Help Desk at 785-532-7722 if you have additional questions about phishing scams.
Cybercriminals know the best strategies for gaining access to your sensitive data. According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents.
A few K-State stats:
- In January 2016, there were 60 phishing scams reported resulting in 9 compromised accounts. A compromised account means hackers were successful in getting a K-Stater to give up their eID and password.
- In January 2017, there were 355 phishing scams reported resulting in 313 compromised accounts!
What does this tell us?
You are the first line of defense in protecting your personal identity information. The number of phishing scams is going to continue to increase, and the best defense is you!
Learn how to identify phishing scams and don’t give your credentials up to these criminals.
The Dec. 22 email that appeared to be from President Myers is one more example of the need to be vigilant before responding to an email, clicking a link, or opening an attachment. The email appeared to be legitimate. One point of clarification, though: communications from President Myers would more than likely be posted in K-State Today. Also, when the “reply to” email address was verified, there was an additional “from” email address not associated with K-State (see the highlighted email below).
US-CERT (U.S. Computer Emergency Readiness Team) reminds us to remain on the alert and, when in doubt, to delete the email, avoid clicking on links and not open suspicious attachments. When in doubt, DELETE.
In response to the latest phishing scam, Information Technology Services and Communications and Marketing have:
- Blocked the URL for the email on the K-State network
- Sent the attachment to Trend Micro for analysis. The attachment was deemed malicious and Trend Micro is preventing the attachment from being downloaded.
- Posted notices about the scam throughout campus.
US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:
If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Report the attack to the police and file a report with the Federal Trade Commission.
- Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.
by Information Technology Services
K-State employees have recently been targeted by a “TIAA-CREF re-authenticate your account” email phishing scam that has been involved in at least three rounds of attacks.
On July 6, Human Capital Services emailed K-State employees with a TIAA-CREF account to say that K-State is blocking the URL in the scam, so computers on the university network cannot access the intended web address.
If you have replied to the TIAA-CREF email scam or any other email that asked for account information, contact the IT Help Desk as soon as possible (214 Hale Library, email@example.com, 785-532-7722, toll-free 800-865-6143).
Simple rules will protect you from all kinds of scams: Never provide a password or personal identity information in response to email. Never use your K-State eID password on any other account.
At the beginning of every semester, K-State sees a significant increase in the number of phishing-scam emails trying to steal eID passwords. These emails try to trick K-Staters into providing their eID and password to criminals under the guise of “false emergency” emails, including:
- “Upgrade your webmail account!”
- “Your mailbox storage limit is full!”
- “Your data/photos/etc. will be lost!”
THESE ARE ALL SCAMS. K-State Information Technology Services staff will NEVER ask for your password in an email. Do not reply to these scam emails, or click a link in email and fill out a form with your eID and password.
Abide by one simple rule and you will be safe from these scams and others: NEVER provide your password to anyone in response to an email!
Attention, K-State faculty, staff and students,
Since the start of the fall 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 75 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.
THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.
K-State broke a record in 2010, but it is not a record to be proud of: 445 K-Staters were tricked into giving away their passwords to criminals in response to spear-phishing scam e-mails. The criminals then used the stolen information to sign in to webmail and send thousands of spam messages.
Obviously, the first thing on this semester’s top-six security list must be:
- Never give your password to anyone in an e-mail message! K-State was plagued by 406 instances of phishing scams in 2010 (compared to 296 in 2009) that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can avoid becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an e-mail with a link to a web form that asks you to fill in your username and password – don’t do it!
The daily count of compromised eIDs dropped after July 28 when a warning was sent to all K-Staters via the security-alerts mailing list, but sadly, some people are still responding to phishing scams and giving their eID password to criminals.
Some of these scams try to convince people they have exceeded a quota or limit on the amount of e-mail they can store on the system. All such e-mails are scams, because there is no limit on the amount of e-mail you can store in K-State’s Zimbra e-mail system. Thus, a quick way to recognize a scam: Anything that indicates you have exceeded a storage limit or quota in K-State’s e-mail is a scam. As with other scams, you can simply ignore and delete the e-mail.
Criminals seem to be working overtime in their efforts to steal eID passwords, which is no surprise since their efforts are paying dividends: Since July 18, 77 K-Staters have been tricked into giving away their eID passwords via phishing scam e-mails! The count since January 1, 2010, is 255 K-Staters!
When stolen e-mail accounts are used to send massive amounts of spam to recipients all over the world, other e-mail service providers view K-State as a source of spam and start blocking ALL e-mail from K-State by putting us on their “spam block-list.”