This is the time of year when scams target students during periods when financial aid funds are disbursed. Cybercriminals use types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money.
Generally, the spear phishing emails request students’ login credentials for the University’s Student Information System. The cybercriminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the cybercriminal’s control.
Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in an email.
Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net). Hover your mouse cursor over the link until a pop-up shows that link. If the link in the email doesn’t match the pop-up destination, don’t click it. On mobile devices, holding down your finger on a link gets the same pop-up.
Be aware of emails with a sense of urgency, demanding “immediate action” before something bad happens, like closing your account. The scammer is trying to rush you into making a mistake.
Watch for emails with an attachment you were not expecting or the email entices you to open the attachment. Examples are emails saying it has an attachment with details of financial aid or a letter from the IRS saying you are being prosecuted.
If the message appears from someone you know, but the tone or wording doesn’t sound like the individual, delete. When in doubt, call the sender to verify they sent it. Cyber attackers easily create emails that appear to be from a friend or coworker.
Send scam emails or any questionable email to abuse@ksu.edu. If you have any questions, contact the IT Help Desk (helpdesk@ksu.edu or 532-7722).