Kansas State University

IT News

Dangerous phishing scam hits K-Staters' e-mail

Many K-Staters received a spear phishing scam e-mail on Monday that is particularly dangerous because it seems to refer to upcoming changes in K-State’s e-mail; appears to be from K-State’s IT Help Desk; and asks for your K-State eID and password. The criminals responsible for these scams have obviously done their homework to make the message appear legitimate. But it is not — it is a scam that is trying to steal your eID password, log in to your Webmail account with it, and send spam from it.

As always, though, you can remember this one simple rule and be safe from this type of scam: K-State IT support staff will NEVER ask for your password in an e-mail!

To help you recognize this and other scams like it, the headers of the scam message are:

From: “ITS Help Desk” <helpdesk@ksu.edu>
To: undisclosed-recipients:;
Sent: Sunday, April 4, 2010 6:49:32 PM GMT -06:00 US/Canada Central
Subject: Scheduled Service Maintenance

The entire message can be viewed on K-State’s IT security threats blog, as can many other examples of phishing scams seen at K-State. Even though it appears legitimate, it still has many characteristics that indicate it’s a scam:

  • The reply-to address of the message goes to a “live.com” e-mail address (its-helpdesk@live.com), not a k-state.edu address. (This is a VERY important clue.)
  • The message contains grammar errors.
  • You will never have to provide your eID and password to confirm your account during maintenance or an upgrade of K-State’s e-mail system, and your account would not be deactivated for failure to do so.
  • It mentions an “OIT database” — there is no such thing at K-State.
  • The closing does not provide specific contact information for asking questions or confirming the e-mail’s legitimacy.
  • There is no mention of this so-called “scheduled service maintenance” on K-State’s IT services status page or the Zimbra website.
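As an added example (not part of the original post), the Python below checks a raw message for the header and wording clues listed above: a reply-to address outside the institution, an undisclosed-recipients list, and a body that asks for an eID and password. The trusted-domain list, the Reply-To line and both message bodies are constructed assumptions, not the real scam message.

```python
import email
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in this post. The
# Reply-To line and the body text are assumptions for illustration only.
SCAM = """\
From: "ITS Help Desk" <helpdesk@ksu.edu>
Reply-To: its-helpdesk@live.com
To: undisclosed-recipients:;
Subject: Scheduled Service Maintenance

Confirm your eID and password or your account will be deactivated.
"""

# Constructed example of a maintenance notice that passes these checks.
LEGIT = """\
From: "IT Help Desk" <helpdesk@k-state.edu>
To: user@k-state.edu
Subject: Scheduled Service Maintenance

Webmail will be unavailable Saturday 2-4 a.m. No action is required.
"""

TRUSTED_DOMAINS = {"ksu.edu", "k-state.edu"}  # assumed institutional domains


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw):
    """Return the clues from this post that a raw RFC 822 message triggers."""
    msg = email.message_from_string(raw)
    clues = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    # Replies would leave the institution even though From looks internal.
    if reply_dom and reply_dom != from_dom and reply_dom not in TRUSTED_DOMAINS:
        clues.append("reply-to domain %s is outside %s" % (reply_dom, from_dom))
    # Bulk mail hidden behind an empty group address, not a personal contact.
    if "undisclosed-recipients" in (msg["To"] or "").lower():
        clues.append("sent to undisclosed-recipients")
    # IT support staff never ask for the eID password in e-mail.
    body = msg.get_payload().lower()
    if "password" in body and "eid" in body:
        clues.append("body asks for eID and password")
    return clues
```

Running `phishing_indicators(SCAM)` returns all three clues, while the constructed legitimate notice returns an empty list.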

If you ever have any questions about the legitimacy of an e-mail, contact your IT support person or the IT Help Desk for help. You may also check the IT security threats blog to see if the phishing scam has been reported. Whatever you do, do NOT give away your eID password, and think before you click.

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer