Kansas State University

search

IT News

Category: Cybersecurity

eID password reset maintenance July 14

The eID Forgot Password Reset will undergo maintenance from 3 – 7 p.m. on July 14. During the maintenance period, if you forgot your password, you will be unable to reset your eID password via the text messaging option. K-Stater’s can still use the email option to reset their eID password during the maintenance.

If you need assistance resetting your password, contact the IT Help Desk at 785-532-7722 or email helpdesk@k-state.edu.

AnyConnect VPN client to be retired June 30

Start using the GlobalProtect VPN client today! As of June 30, AnyConnect will be turned off and no longer available.

For step-by-step instructions on how to install GlobalProtect, go to K-State’s VPN webpage. Once you have tested the GlobalProtect VPN and can use it, then you should uninstall AnyConnect.

Need help? For self-help, view the IT Knowledge Base articles. Need more help, contact the IT Help Desk 785-532-7722 or your local IT support staff.

The Federal Trade Commissions warns about COVID-19 scams targeting college students

College students are one of the target audiences that cybercriminals attack. Even though students aren’t on campus, they are still a top target. Please share this information with your students as a reminder to constantly be aware of potential cybersecurity threats.

Students might receive emails claiming to be about finanical aid and asking them to sign in to claim their rewards. They might even receive and email saying they have a COVID-19 economic stimulus check — and it needs to be opened through a link requiring your university login.

These are attempts to steal their credentials such as user eID, password, or other personal information. Once they have access to their credentials, they can steal their identity, personal information, and money. Continue reading “The Federal Trade Commissions warns about COVID-19 scams targeting college students”

Phishing scams asking for a text or cell number

This past week, K-Staters may have received an email that appeared to be a note from your boss, your bosses’ boss, an administrator, colleague, or even a friend with the following, “text your available number” or send your “cell phone number.”

These are scams. If you responded to the email, do the following:

  • Send the scam with headers to abuse@ksu.edu. How to send headers is available from here.
  • Alert your technical support staff that you didn’t send the email.
  • For any scam, if you have give out your eID/password, immediately change your password.

Example of phishing scam involving texting cell phone number.

If you didn’t respond, good for you for remaining vigilant. The Federal Trade Commission recommends four steps to protect from phishing:

  • Protect your computer by using security software. Find K-State’s recommendations for antivirus software on the K-State Antivirus Software page.
  • Protect your mobile phone by setting software to automatically update.
  • Protect your accounts by using multi-factor authentication.
  • Protect your data by backing it up. File storage options for safely backing up your data is available here.

Stressful times provide a perfect opportunity for scammers to catch us off guard. Don’t fall prey.

Reminder: May 30 is the deadline to update to Zoom 5.0

On April 27, Zoom released Zoom 5.0 which provides enhanced security for meeting data. It is required to update to this version by May 30. After May 30, you will not be able to join meetings until you run the update. Zoom releases updates frequently. As of May 26, the latest update is 5.04.

It can be installed from your desktop client or from the Zoom Download Center.

Follow the instructions below to install the update from your desktop client:

  1. Open Zoom and sign in.
  2. In the upper-right corner, click your profile.
  3. Click Check for Updates.
  4. On the Update Available window, click Update and then click Install. 
  5. Follow the installation instructions and click Close when finished.

Continue reading “Reminder: May 30 is the deadline to update to Zoom 5.0”

AnyConnect VPN client to be retired June 30

Time is winding down for those of you still using the AnyConnect VPN client. As of June 30, AnyConnect will be turned off and no longer available.

Please install GlobalProtect. Once you have tested the GlobalProtect VPN and can use it, then you should uninstall AnyConnect.

For step-by-step instructions on how to install GlobalProtect, go to K-State’s VPN webpage.

Need help? For self-help, view the IT Knowledge Base articles. Need more help, contact the IT Help Desk 785-532-7722 or your local IT support staff.

Zoom update available

On April 27, an update to Zoom was released with enhanced video communications security. Beginning May 30, Zoom will be enabling GCM encryption across the Zoom platform to provide increased protection for meeting data.

The update can be installed from your desktop client or from the Zoom Downlaod Center. Follow the instructions below to install the update from your desktop client:

  1. Open Zoom and sign in.
  2. In the upper-right corner, click your profile.
  3. Click Check for Updates.
  4. On the Update Available window, click Update and then click Install. 
  5. Follow the installation instructions and click Close when finished.

Continue reading “Zoom update available”

Zoom: Maintaining your privacy while sharing your screen

As you continue to learn, teach, or work from home, you may need to share your computer screen with other Zoom meeting participants. Before you click the Share Screen button, protect your privacy by making sure you know exactly what you are sharing.

When you click on the Share Screen button at the bottom of the Zoom window, you can choose to share your full desktop or a specific window or application you have open on your computer. The best practice is to share only that specific window or application. Continue reading “Zoom: Maintaining your privacy while sharing your screen”

An old scam with a new twist, bitcoin demands coming around again

Imagine my surprise to  open an email and learn that I was about to send pornography and video footage to ten randomly selected individuals from my contact list, should I not comply with the demands of $2,000 in bitcoins within 24 hours. Where my heart skipped a beat was in the subject line that included an old password and the first sentence of the email that included the same password.

Here’s how the email started:

“𝙸𝚝 𝚜𝚎𝚎𝚖𝚜 𝚝𝚑𝚊𝚝, ——–, 𝚒𝚜 𝚢𝚘𝚞𝚛 𝚙𝚊𝚜𝚜𝚠𝚘𝚛𝚍.”

According to our security experts, this password could have been harvested years ago, stored on the dark web and then sold to scammers –some nefarious individual(s) with too much time on their hands.

After more deep breathing and internet searches, I found this to be an old scam but with a new scarier twist, the revealing of a password. It also listed how many days the scammer had been capturing information about me – 182 days.

What did I do? After a few more deep breaths, I did the following:

  • Sent the email with headers to abuse@ksu.edu.
  • Discussed the email with our technical support staff
  • Checked the scams blog to determine if this had been reported
  • Changed my password on every system where I had used the old password.
  • Ran malware software on my computer
  • Deleted the email
  • Remain vigilant about scams

A couple of red flags I noted from the email were the urgency and intimidation of the request (𝚛𝚎𝚚𝚞𝚒𝚛𝚎 𝚢𝚘𝚞𝚛 𝚏𝚞𝚕𝚕 𝚊𝚝𝚝𝚎𝚗𝚝𝚒𝚘𝚗 𝚏𝚘𝚛 𝚝𝚑𝚎 𝚞𝚙 𝚌𝚘𝚖𝚒𝚗𝚐 𝚃𝚠𝚎𝚗𝚝𝚢-𝚏𝚘𝚞𝚛 𝚑𝚘𝚞𝚛𝚜), the demand for money (𝙿𝚞𝚛𝚌𝚑𝚊𝚜𝚎 $ 𝟸𝟶𝟶𝟶 𝚒𝚗 𝚋𝚒𝚝𝚌𝚘𝚒𝚗 𝚊𝚗𝚍 𝚜𝚎𝚗𝚍 𝚝𝚑𝚎𝚖 𝚘𝚗 𝚝𝚑𝚎 𝚋𝚎𝚕𝚘𝚠 𝚊𝚍𝚍𝚛𝚎𝚜𝚜), the email from an individual I didn’t know (mpnaneteps@hotmail.com), poorly worded email and incorrect use of capitalization.

The university has been busy processing these scams over the last week. If you are unsure about an email send to abuse and then delete. My mantra continues, when in doubt don’t give it out (your credentials).

Beware of coronavirus economic impact payment scams

There is never downtime when it comes to being aware of potential scams. Not even during this global pandemic. In fact, criminals like seizing opportunities when people are most vulnerable. The distribution of the economic impact payment is one of these opportunities.

The IRS posted the following warning:

“We urge people to take extra care during this period. The IRS isn’t going to call you asking to verify or provide your financial information so you can get an economic impact payment or your refund faster,” said IRS Commissioner Chuck Rettig. “That also applies to surprise emails that appear to be coming from the IRS. Remember, don’t open them or click on attachments or links.” Go to IRS.gov for the most up-to-date information.

Economic impact payments began being deposited last week in cases where direct deposit information was on file. For more information, see the IRS’s Get My Payment web page. Continue reading “Beware of coronavirus economic impact payment scams”