The latest security concerns for K-Staters are social engineering attacks. Social engineering is when a scammer or con artist gets you to do things you wouldn’t ordinarily do for a stranger.
Social engineering uses influence and persuasion to deceive people, either by convincing them that the social engineer is someone they are not or through manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.
The motivation behind most social engineering attacks is to steal a K-Stater’s identity, money, and/or intellectual property. Attackers use the stolen identity to hide their true identity while committing illegal activities.
Sometimes a social engineer may pose as a student and take out loans under the victim’s identity. Scammers also try to get the victim to divulge sensitive information, such as research K-State may be conducting.
Social engineers use a variety of methods to scam K-Staters. A popular method is phishing, in which attackers send malicious emails designed to trick people into falling for a scam. Phishing scams are documented at K-State at https://blogs.k-state.edu/scams/, which is a great resource for seeing example scams K-Staters have received and reported.
You may recognize a common theme or pattern in these scams, such as:
- Malicious links
- Requests to reply to a message
- Attachments they want you to open
- A combination of all the above
In addition, a scammer may sometimes create a Google account using the name of a department head or dean, hoping you will believe the message really comes from your department head or dean.
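As an added illustration (not K-State's own tooling and not part of the original article), this Python check looks at one message for the patterns listed above, plus the case of a leader's name on an outside address. The leader name, the sample message and the indicator labels are constructed assumptions; the domains are the ones that appear on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = ("k-state.edu", "ksu.edu")  # domains that appear on this page
KNOWN_LEADERS = {"pat example"}  # hypothetical dean / department-head names

# Constructed sample message, not a real reported scam.
SAMPLE = """\
From: Pat Example <dean.pat.example@gmail.com>
Reply-To: pat.office@mail.example
Subject: Are you available?
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Reply to me right away, then sign in at http://eid-verify.example/login
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

UEsDBA==
--b1--
"""

def domain_of(header_value):
    # Lower-cased domain of the address in a From or Reply-To header.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_org(host):
    # True for the university's domains and their subdomains.
    return any(host == d or host.endswith("." + d) for d in ORG_DOMAINS)

def phishing_indicators(raw):
    """Return which of the listed patterns appear in one raw message."""
    msg, found = message_from_string(raw), set()
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    sender = domain_of(msg.get("From"))
    if name in KNOWN_LEADERS and not is_org(sender):
        found.add("impersonated-sender")  # leader's name, outside address
    if msg.get("Reply-To") and domain_of(msg["Reply-To"]) != sender:
        found.add("reply-redirect")  # replies go somewhere else
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            found.add("attachment")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            hosts = re.findall(r"https?://([^/\s:]+)", body.lower())
            if any(not is_org(h) for h in hosts):
                found.add("external-link")
    return found
```

An indicator is a reason to look more closely, not proof of a scam: legitimate mail also carries outside links and attachments.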
K-Staters can protect themselves from social engineers and other types of cybersecurity attacks by being proactive about security. There are many things you can do to protect yourself:
- Stay up to date on cybersecurity training – Avoid falling for social engineering attacks by becoming aware of cyberattacks. Cyber attackers work hard to change their methodology, but the motivation tends to be the same. K-State offers annual security training to aid in this task.
- Use two-factor authentication – Two-factor authentication involves using multiple methods to authenticate. If you accidentally fall for a scam, the scammer will need your K-State eID and password along with a second factor to authenticate.
- Implement identity protection – Many companies offer this as a service, and you should be careful, as some can be fraudulent and can steal your sensitive information. See the US government Identity Theft website for more information.
- Keep your computer’s software up-to-date – Install operating system and application security updates for your computer, phone, and other mobile devices. Malicious browser ads will take advantage of security vulnerabilities in operating systems and applications. A compromised computer on a network will scan other computers on the same network for vulnerabilities.
- Uninstall unused applications – Applications that are no longer in use, or that have reached their end of life and are no longer supported by the vendor (meaning no more security updates), leave your computer vulnerable to attacks.
- Disable unused hardware – If you are not using Bluetooth, you should disable it. It is just another open door for an attacker to gain access to your computer.
- Check for HTTPS – When you’re on a website that isn’t using HTTPS, there’s no guarantee that the transfer of information between you and the site is secure. Double-check that a site is using HTTPS before you give away personal or private information.
- Check your browser add-ins and extensions – Some may be keyloggers that record keystrokes and can send your account credentials to the scammer.
- Familiarize yourself with your cybersecurity policies and procedures – K-State’s policies and procedures regarding IT security can be found at https://www.k-state.edu/it/about/policies/. Security is a people and management challenge. You must play your part and become aware of policies and procedures that can help secure the K-State network. It can take just one person to break the link in the security chain.
- Use a Virtual Private Network (VPN) to privatize your connection – K-State uses GlobalProtect. If you are on an unsecured network, such as at a coffee shop, you may want to use GlobalProtect to make sure your connection is private.
- When in doubt, send it to abuse – If you receive a questionable email and prefer to play it safe, you can send it to abuse@ksu.edu. K-State’s Security Intelligence and Operations Center (SIOC) will investigate the email and let you know if it is legitimate or not.