Kansas State University


IT News

Another way to detect phishing scam e-mails

The daily count of compromised eIDs dropped after July 28 when a warning was sent to all K-Staters via the security-alerts mailing list, but sadly, some people are still responding to phishing scams and giving their eID password to criminals.

Quota/storage scams

Some of these scams try to convince people they have exceeded a quota or limit on the amount of e-mail they can store on the system. All such e-mails are scams, because there is no limit on the amount of e-mail you can store in K-State’s Zimbra e-mail system. Thus, a quick way to recognize a scam: Anything that indicates you have exceeded a storage limit or quota in K-State’s e-mail is a scam. As with other scams, you can simply ignore and delete the e-mail.

In the last two weeks, some phishing scam e-mails received by K-Staters that fall into this category had the following subject lines (click a link below to see the entire scam e-mail content):

Some of you probably recall times prior to K-State’s move to Zimbra when we did have limits on the size of e-mail storage and you received a warning when you exceeded 20 megabytes. That’s one of the reasons people are tricked by this type of scam. The days of 20MB storage limits are long gone, though. You will NEVER receive a legitimate e-mail warning about approaching or exceeding a storage quota or limit on your K-State e-mail.

The only limit imposed on K-State e-mail is the size of an individual message and all its attachments, which is limited to a maximum of 35MB per message. I should note, though, that this does not give you license to arbitrarily and carelessly use disk space. Manage your e-mail storage judiciously and only keep what you need. You can view the total disk space used by ALL of your Zimbra data (i.e., your Documents and Briefcase items stored in Zimbra, too) in the upper left corner of the Zimbra Webmail client (see adjacent snapshot of my total disk space).

Broken-technology scams

Some scams attempt to get your password by saying the university’s technology services were broken, are being upgraded, or are being repaired — and your e-mail address and password data was lost or needs to be re-entered. Examples of these scams include:

Remember: Any e-mail that asks for your password is a scam and should be deleted. K-State will never ask for your password in e-mail.
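For mail administrators, the two rules above (a claimed storage quota, and a request for a password) can be turned into a first-pass triage filter. The following is an added example, not part of the original article or any K-State tooling; the regular expressions and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Heuristic patterns (assumptions for this example, tune for real mail).
NEGATED = re.compile(r"\b(never|not|no)\b", re.I)
QUOTA_CLAIM = re.compile(
    r"\b(you|your)\b.{0,80}\b(exceed\w*|reached|over)\b.{0,60}"
    r"\b(quota|limit|storage)\b", re.I | re.S)
PASSWORD_ASK = re.compile(
    r"\b(reply|send|provide|enter|confirm|verify|submit)\b.{0,80}\bpassword\b",
    re.I | re.S)
PASSWORD_FIELD = re.compile(r"^\s*password\s*:\s*[._]*\s*$", re.I | re.M)

def body_text(raw):
    """Return the decoded text/plain parts of a raw RFC 5322 message."""
    texts = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(texts)

def classify(raw):
    """Return the sorted list of scam categories the message body matches."""
    text = body_text(raw)
    hits = set()
    if PASSWORD_FIELD.search(text):          # blank "Password:" form line
        hits.add("password-request")
    for sentence in re.split(r"(?<=[.!?])\s+", text):
        if NEGATED.search(sentence):         # e.g. "will never ask for your password"
            continue
        if QUOTA_CLAIM.search(sentence):
            hits.add("quota-claim")
        if PASSWORD_ASK.search(sentence):
            hits.add("password-request")
    return sorted(hits)

# Constructed sample messages (not real scam e-mails).
QUOTA_SCAM = ("Subject: Mailbox warning\n\n"
              "Your mailbox has exceeded its storage limit. Click to upgrade.\n")
UPGRADE_SCAM = ("Subject: Webmail upgrade\n\n"
                "We are upgrading our database and your account data was lost.\n"
                "Reply with your username and password to restore access.\n\n"
                "Username: ......\nPassword: ......\n")
SECURITY_ALERT = ("Subject: Security alert\n\n"
                  "K-State will never ask for your password in e-mail.\n")

if __name__ == "__main__":
    for name in ("QUOTA_SCAM", "UPGRADE_SCAM", "SECURITY_ALERT"):
        print(name, classify(globals()[name]))
```

Skipping negated sentences keeps legitimate security warnings from being flagged, but it is a simplification that a scam can evade, so matches are best treated as candidates for review rather than a verdict.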

More information is available on K-State’s IT security website about how to recognize scams. Please familiarize yourself with this information, since new phishing scams arrive in K-State inboxes daily. You do not want to be the next victim!

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer