Kansas State University


IT News

Author: Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer

Students fall for jobs scam

Everyone at one time or another has received spam e-mails promising high-paying jobs for part-time work at home. Unfortunately, at least three K-State students responded to such offers recently and almost became victims of fraud. The offer was simple and enticing:

Work from school/home and earn $300 weekly… each days job takes maximum of 50mins… you are not working every day, only when necessary… kindly get back to us ASAP if you care to know more about the job offer.

When the students responded, they were asked to provide their name, address, phone number, age, and gender. They then received in postal mail a check for nearly $2,000 and were instructed to cash it at their bank, keep $180 for themselves to cover “internet connectivity for the first month of your job” and send the rest to their “material supplier in Michigan.” Yeah, right. One student became suspicious before it got to this point and reported it. Two others tried to cash the bogus checks, which were fortunately caught by alert Manhattan bank tellers and reported to the police.


Six things you need to know about IT security at K-State

Thus far in 2010, 292 K-Staters have been duped by spear-phishing scam e-mails and given away their eID password to criminals who then use the stolen information to sign in to webmail and send thousands of spam messages. Sadly, we’re on pace to break last year’s record of 431 K-Staters who gave away their passwords in this way.

Obviously, the first thing on this semester’s top-six security list must be:

  1. Never give your password to anyone in an e-mail message! K-State was plagued by nearly 300 instances of phishing scams in 2009 (and 260 thus far in 2010!) that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can prevent becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an e-mail with a link to a web form that asks you to fill in your username and password – don’t do it!
  2. Learn to recognize scams, frauds, and other forms of malicious communications so you don’t become a victim of identity theft, financial fraud, or end up with a compromised computer. Criminals are using all kinds of new tricks and coming at you from all angles — e-mail, social networking sites like Facebook and Twitter, malicious links on webpages, Instant Messaging, phone calls, and even knocking on your door. As an example, last year more than 230 K-Staters were tricked into opening malicious e-mail attachments, resulting in 230+ compromised computers. Be informed and think before you click!

Another way to detect phishing scam e-mails

The daily count of compromised eIDs dropped after July 28 when a warning was sent to all K-Staters via the security-alerts mailing list, but sadly, some people are still responding to phishing scams and giving their eID password to criminals.

Quota/storage scams

Some of these scams try to convince people they have exceeded a quota or limit on the amount of e-mail they can store on the system. All such e-mails are scams, because there is no limit on the amount of e-mail you can store in K-State’s Zimbra e-mail system. Thus, a quick way to recognize a scam: Anything that indicates you have exceeded a storage limit or quota in K-State’s e-mail is a scam. Like other scams, you can simply ignore and delete the e-mail.


Phishing scams + stolen passwords = problems for everyone

Criminals seem to be working overtime in their efforts to steal eID passwords, which is no surprise since their efforts are paying dividends: Since July 18, 77 K-Staters have been tricked into giving away their eID passwords via phishing scam e-mails! The count since January 1, 2010, is 255 K-Staters!

When stolen e-mail accounts are used to send massive amounts of spam to recipients all over the world, other e-mail service providers view K-State as a source of spam and start blocking ALL e-mail from K-State by putting us on their “spam block-list.”

Changing (and discovering) default passwords

It is best practice and K-State policy to change default passwords on any device added to the network. It’s also critical to do this at home on devices like your cable modem, DSL modem, and wireless router to reduce the chances that someone can change the configuration and gain unauthorized and potentially malicious access to your network. If you’re not convinced of the need to do this, see the June 22 InfoTech Tuesday article on why you should secure your home wireless network.


Increased laptop thefts on campus are wake-up call

An increase in thefts of laptop computers from K-State offices, labs, and classrooms over the past few months points to a need for K-State faculty, staff, and students to be more diligent about protecting their laptops and the data stored on them. Virtually every theft was opportunistic, made easy by people leaving unsecured laptops in plain sight in an office, lab, or residence hall room with the door left open.

One campus theft recorded by a video surveillance camera showed that it only took six seconds for the thief to unplug the computer and make off with the power adapter and laptop. SIX SECONDS! Fortunately in this case, the criminal was identified from the video and the laptop was recovered, but not before it was reformatted and the student’s term paper lost. We were lucky in this case, since most stolen laptops are not recovered.

We make it too easy

The vast majority of these thefts are “thefts of opportunity” that are easily prevented.

  1. In a case this past week, a laptop was stolen from an office when a faculty member left for just a few minutes and left the door open.
  2. Two others (belonging to visitors to campus) were stolen recently from an unlocked classroom being used for a continuing education workshop.
  3. Three others were stolen from a common student office area that was unlocked.


Why you need to secure your home wireless network

Recent news out of Minnesota caught my attention and underscores the need for people to secure wireless networks at home. Barry Ardolf is accused of tapping into his neighbor’s home wireless network and sending a threatening e-mail to Vice President Joe Biden, making it appear to have come from his neighbor. As if that’s not enough, he also is alleged to have sent sexually explicit e-mails to his neighbor’s co-worker; sent child porn to his neighbor’s boss; set up a MySpace page in his neighbor’s name and posted child porn on it; used fake e-mail accounts set up in his neighbor’s name; and stolen personal identity information.

Presumably none of us have neighbors like Ardolf, but I assure you many of us have neighbors who wouldn’t hesitate to use your wireless network if you make it easy for them. And default settings on common wireless routers do just that.

Here are five steps you should take to securely configure your home wireless network:

A hacked TV at K-State = a "sign" of things to come?

When K-State’s IT security team investigated a compromised system detected by its Intrusion Detection System last week, they were surprised to discover that the infected device was a television! Yes, a TV. Of course it’s not just any ol’ TV — it’s a special Samsung TV that also has a computer and operating system in it, so it can be used for multiple functions. In this case, it was used as an information kiosk in the lobby of a building to provide touch-screen access to information about the building and the department housed therein.

This device is running a special “embedded” version of Windows XP that had unpatched vulnerabilities. Since it was connected to the campus network, it was exposed to hackers — who exploited the vulnerabilities, took over control of the computer portion of the device, connected it to an IRC botnet, and used it to transfer pirated movies and who-knows-what-else.


IT security roundtable June 4: Risks of social networking

Social networks like Facebook, Twitter, YouTube, and MySpace are a fact of life (and for some, obsessions!), especially for the current generation of students at K-State. The reality is if you want to communicate with that generation, you need to have a presence in social media. The other reality is that hackers/criminals know this is where people spend their time and therefore target these platforms.

Social networks have also permanently altered the privacy landscape on many fronts — the information we post about ourselves, what others post about us, and the information about you that the social networking sites themselves harvest and perhaps share with third parties.

Join us 9-10 a.m. this Friday, June 4, in Union 213 (note that it will only last one hour this time) for a discussion on the security risks of social networking.

IT security roundtable May 7: Traveling safely

Summertime makes Manhattan seem like a ghost town as K-State students, faculty, and staff hit the roads and airways for distant lands. The potential rewards of personal and professional travel are great, but so are the security risks. Thus, this month’s IT security roundtable will discuss tips on how to travel safely so people can protect themselves from identity theft, financial fraud, and other threats related to information and technology while on vacation.

Join us 9-10:30 a.m. Friday, May 7, in Union 213 to learn about: