The daily count of compromised eIDs dropped after July 28 when a warning was sent to all K-Staters via the security-alerts mailing list, but sadly, some people are still responding to phishing scams and giving their eID password to criminals.
Some of these scams try to convince people they have exceeded a quota or limit on the amount of e-mail they can store on the system. All such e-mails are scams, because there is no limit on the amount of e-mail you can store in K-State’s Zimbra e-mail system. Thus, a quick way to recognize a scam: Anything that indicates you have exceeded a storage limit or quota in K-State’s e-mail is a scam. Like other scams, you can simply ignore and delete the e-mail.
In the last two weeks, some phishing scam e-mails received by K-Staters that fall into this category had the following subject lines (click a link below to see the entire scam e-mail content):
- Webmail/Quota Storage Upgrade
- Your mailbox has exceeded the storage limit
- MailBox Has Exceeded It Quota (sic)
- Your Account Expires in 2 Day(s)
Some of you probably recall times prior to K-State’s move to Zimbra when we did have limits on the size of e-mail storage and you received a warning when you exceeded 20 megabytes. That’s one of the reasons people are tricked by this type of scam. The days of 20MB storage limits are long gone, though. You will NEVER receive a legitimate e-mail warning about approaching or exceeding a storage quota or limit on your K-State e-mail.
The only limit imposed on K-State e-mail is the size of an individual message and all its attachments, which is limited to a maximum of 35MB per message. I should note, though, that this does not give you license to arbitrarily and carelessly use disk space. Manage your e-mail storage judiciously and only keep what you need. You can view the total disk space used by ALL of your Zimbra data (i.e., your Documents and Briefcase items stored in Zimbra, too) in the upper left corner of the Zimbra Webmail client (see adjacent snapshot of my total disk space).
Some scams attempt to get your password by saying the university’s technology services were broken, are being upgraded, or are being repaired — and your e-mail address and password data was lost or needs to be re-entered. Examples of these scams include:
- University WebMail Warning Alert!!! (says “currently performing maintenance on our Webmail…”)
- Dear account user (says “updating our database…”)
- Account Upgrade/Maintenance (says “your email has not passed the verification/Update process that we are presently working on”)
- Warning/Login Cancelation (says “Your email account has to be upgraded…”)
- Reactivation Of Your KSU Email Account (says “All mailhub systems will undergo regularly scheduled maintenance…”)
- K-State Account Verification (says will “delete inactive accounts to create space for fresh users…”)
Remember: Any e-mail that asks for your password is a scam and should be deleted. K-State will never ask for your password in e-mail.
More information is available on K-State’s IT security website about how to recognize scams. Please familiarize yourself with this information, since new phishing scams arrive in K-State inboxes daily. You do not want to be the next victim!