Kansas State University

search

IT News

Category: Cybersecurity

Impersonation phishing scam hits campus

The cybersecurity landscape is constantly evolving, making it vital to stay ahead of the curve in safeguarding digital assets. A recent phishing scam at K-State involved what is known as CEO Fraud. CEO Fraud preys on the trust and authority associated with executive positions to deceive employees into carrying out fraudulent activity. 

In this example, the scammer sent a K-State employee an email impersonating a department head, asking the staff member to download a file about a pay adjustment. Instead of clicking the link in the email, the alert employee checked with the department head to see if they had sent the email. The supervisor hadn’t sent the email. This was a scam. 

Remember: Don’t open email links or unexpected or unusual attachments, attachments from strangers or strange-looking emails. 

Any email attachment or link can carry software designed to damage or exploit your device or network. The malware will launch once you open the attachment or click the link. Vigilance and skepticism are our best defenses against impersonation scams. 

Tips to prevent becoming a victim of phishing scams: 

  • Don’t reply to a suspicious, unexpected or strange email. 
  • Be wary of emails with urgent requests for your personal or financial information or your sign-in credentials. 
  • Don’t open unexpected or unusual attachments, attachments from strangers or strange-looking emails. 
  • Don’t click links in unexpected emails, emails you suspect are fraudulent or if you don’t know the sender. 
  • Don’t click Sign In links. Go to the business website and sign in there or contact their customer service for help. 
  • Avoid filling out forms in email messages that ask for financial information. Only share credit card information via a secure website or telephone. 

If you receive a suspicious email, forward it to abuse@ksu.edu and be sure to include the email headers in your message. 

When to use K-State’s VPN

You must use a Virtual Private Network (VPN) when accessing protected proprietary and confidential data and campus resources while working offsite on an unsecured wireless network. A VPN encrypts your data so it cannot be intercepted by others using the same unprotected wireless network, such as at a hotel, airport or coffee shop. K-State’s VPN is GlobalProtect and is free for all active K-State students, faculty and staff.

Continue reading “When to use K-State’s VPN”

Be aware of phishing scams

""Phishing scams are used by cybercriminals to trick you into sharing personal information, such as passwords, credit cards, social security and bank account numbers, by sending you fraudulent emails or directing you to a fake website. K-State and legitimate businesses will never ask for your account, personal or financial information by email. Learn what a phishing scam looks like.

Sophisticated attackers will even attempt to get you to disclose passcodes from your Duo app to bypass the protections that two-factor authentication provides. K-State will never ask you to provide a Duo passcode immediately after completing the standard login confirmation. If you are ever asked to give that in combination with your password – you are being scammed. Continue reading “Be aware of phishing scams”

Increased phishing scams during the holidays

""Be on the lookout for increased phishing email scams this holiday season.

Phishing is an attempt by cybercriminals, posing as a legitimate business, to trick you into sharing personal information, such as passwords, credit card numbers, Social Security numbers, or bank account numbers, via a fraudulent email or website.

Sophisticated attackers will even attempt to get you to disclose passcodes from your Duo app to bypass the protections that two-factor authentication provides. K-State will never ask for your Duo backup passcode immediately following login. If you are ever asked to give that in combination with your password – you are being scammed. Immediately report the email to abuse@ksu.edu.

For additional information on how Duo passcodes work, view the Duo Passcode knowledge base article.
Continue reading “Increased phishing scams during the holidays”

When traveling, use K-State’s VPN

Are you traveling for work? Remember to use GlobalProtect, K-State’s Virtual Private Networking (VPN). When working offsite, the VPN should be used to access protected proprietary and confidential data and campus resources. From off-campus, use the VPN to connect to campus resources securely.

To use the VPN software, you must be a K-State student or employee with an active K-State eID and internet connection.

Continue reading “When traveling, use K-State’s VPN”

Cybersecurity Awareness: Think twice before you skip that update!

""Imagine your digital world as a fortress, with each software update serving as an essential reinforcement to its walls. When you see that familiar “Update Available” notification, do you click “Remind me later” and carry on with your online activities, inadvertently leaving a crack in your fortress’s defenses? In an era of ever-evolving cyber threats, this article reminds us why staying vigilant against unpatched vulnerabilities is our frontline defense. Today, we explore the critical realm of software updates and their importance in fortifying your digital stronghold against relentless adversaries. Continue reading “Cybersecurity Awareness: Think twice before you skip that update!”

Cybersecurity Awareness: Password safety tips for all of your accounts

""In the digital age, your passwords are your first line of defense against online threats. Yet, many of us still rely on weak and easily guessable passwords. It’s like locking your front door but leaving the key under the mat. In this article, we’ll provide you with practical tips to strengthen your password security without overwhelming you. Let’s get started on the path to safeguarding your online accounts.

The good news is that creating and storing strong passwords with the help of a password manager is one of the easiest ways to protect ourselves from someone logging into our accounts and stealing sensitive information, data, money, or even our identities. Continue reading “Cybersecurity Awareness: Password safety tips for all of your accounts”

Important update on antivirus software for K-State devices

At K-State, the security of our devices and data remains a top priority. As technology evolves, so do the measures we take to ensure the safety of our digital environment.

For University-owned devices, we are pleased to inform you that K-State provides Microsoft Defender as the primary antivirus solution. Microsoft Defender is a comprehensive security solution that offers real-time protection against a wide range of threats, ensuring that our university devices remain secure and up to date. Windows machines joined to K-State’s network should already have this software installed. If you are using a macOS device, you may need to install the software manually if your department is not deploying it via a device management tool. If you are unsure whether Defender is installed, look for this icon in your menu bar. Continue reading “Important update on antivirus software for K-State devices”

Don’t take the bait: Tips to avoid social engineering attacks

In today’s interconnected world, where technology plays an ever-expanding role in our lives, safeguarding your digital presence is of primary importance. Social engineering attacks have emerged as a pervasive threat, relying on the manipulation of human psychology to gain unauthorized access to sensitive information.

""

Continue reading “Don’t take the bait: Tips to avoid social engineering attacks”

K-State is now using geolocation

""

Over the summer, K-State began using geolocation to assist in safeguarding accounts from being compromised by utilizing IP information on computers and mobile devices. With geolocation, users will be alerted of suspicious attempts to access K-State accounts. If suspicious activity is recognized, the user will receive an email notification of the activity with recommendations on the next steps, which could include updating account passwords.

Continue reading “K-State is now using geolocation”