Kansas State University

Phishing scams are messages designed to look like they’re from a trusted source. You may open what you thought was a safe email, attachment or image only to find you have been exposed to malware or a scammer looking for your personal data. You can take precautions to protect your data. Be aware of the signs and report phishing to protect devices and data.

Recognize the common signs

• Urgent or emotionally appealing language.
• Requests to send personal or financial information.
• Unexpected attachments.
• Untrusted shortened URLs.
• Email addresses that do not match the supposed sender.
• Poor writing.

Resist and report

Think before you click. More than 90% of successful cyberattacks start with a phishing email. If you receive a suspected phishing email, immediately report the email to abuse@k-state.edu.

Delete

Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. The unsubscribe button could also carry a link used
for phishing. Just delete.

If a message looks suspicious, it’s probably phishing. But even if there’s a possibility it could be real, don’t click any link, attachment or call any number.
Look up another way to contact a company or person directly: Go to a company’s website to find their contact information. Call the individual at a known number and confirm whether they sent the message

Our online world needs to be protected. There are easy things we can
do to ensure our information is safe from those wishing to steal it.

Recognize & report phishing

Most successful online intrusions result from a recipient of a “phishing”
message accidentally downloading malware or giving their personal
information to a spammer. Do not click or engage with these phishing
attempts. Instead, recognize them by their use of alarming language
or offers that are too good to be true.

Report the phish and delete phishing messages.

Use strong passwords

Simple passwords can be guessed. Make passwords at least
16 characters long, random and unique for each account.
Use a password manager, a secure program that maintains
and creates passwords. This easy-to-use program will store
passwords and fill them in automatically on the web. Continue reading “4 tips to stay safe online” →

Kansas State University is committed to maintaining the highest level of cybersecurity for our community. To strengthen our defenses, all devices connecting to K-State’s network must have antivirus software installed and kept updated.

CrowdStrike is the antivirus solution for university-owned devices. It is not licensed for personal use. For antivirus protection on personally-owned devices, see the options below.

Installing CrowdStrike

CrowdStrike Falcon is automatically installed on all Windows domain-joined computers. For Mac OS systems or specific non-domain-joined Windows machines, you can manually install CrowdStrike Falcon by following these instructions.

Personally-owned devices

Personal-owned devices are still required to use an antivirus solution and keep it updated when connecting to the K-State network. This ensures the safety and integrity of our network and the personal information of all our users.

The following are antivirus solutions for personal use:

• Windows
  • Windows Defender (built into Windows 10 and Windows 11)
  • Avast Free Antivirus
  • AVG Antivirus Free
• Mac OS
  • Avast Security for Mac
  • Sophos Home

If you have any questions, contact the IT Service Desk at 800-865-6143 or 785-532-7722 or via Live Chat. For in-person support, come to the IT Service Desk on the second floor of Hale Library.

Ransomware is malicious software that locks your data or your entire device and demands a ransom to unlock it. Cybercriminals may promise to return your files if you pay, but there’s no guarantee they’ll follow through. 

How Does It Spread? 

Ransomware often comes through phishing emails, malicious websites, or infected downloads. You might think you’re clicking a harmless link or attachment, but once you do, the ransomware installs itself and begins encrypting your files. 

At K-State, we’ve seen an increase in phishing attempts targeting students, faculty, and staff. Our Security Intelligence and Operation Center (SIOC) is actively monitoring these threats, but individual vigilance is critical to protect personal and institutional data. 

How Can You Protect Yourself?  Continue reading “Protect yourself from ransomware: What you need to know” →

CEO fraud is when cybercriminals attempt to impersonate senior executives to deceive employees into transferring funds or sensitive information.

These fraudsters target specific employees with personalized emails, usually asking their victims to complete a business activity such as paying a bill. They learn as much as possible about their targets and organization to make the emails more convincing. They can obtain this information from websites and social media sites. For example, LinkedIn provides them with a plethora of information about a target, such as job history, connections with colleagues and even samples of how they write. Continue reading “How to identify CEO fraud” →

Social media has become a central part of many of our daily lives which makes it a prime target for scammers to carry out their fraudulent activities. One step to protect yourself is by staying aware of their scam tactics such as fraudulent ads, fake giveaways, romance scams and more.

The following are some tips to help you stay safe online:

• Watch for red flags in messages – Scammers often send messages that look like they’re from someone you know or trust. These messages might ask for personal information, like your password, Social Security number, banking details or try to get you to click on a suspicious link.Be cautious if:
  • You receive unsolicited messages or friend requests from people you don’t know.
  • The message seems urgent or too good to be true.
  • The person asks for money, especially through gift cards or wire transfers.
  • The language or tone doesn’t sound like the person you know.
• Be suspicious of unverified accounts – Before you trust a profile or page, check for verification. Official accounts often have a verification badge—a blue checkmark on platforms like Facebook or X (formerly Twitter). Scammers sometimes create fake accounts that look almost identical to real ones. Look for these signs of a fake account:
  • The username or handle is slightly off (e.g., extra letters or numbers).
  • The account has few followers or posts.
  • The content is repetitive or copied from other sources.
• Question unsolicited offers – If you receive an unexpected offer for a prize, job, or investment opportunity, proceed with caution. Scammers often lure victims with promises of easy money or amazing deals.

• Avoid clicking suspicious links – Links in posts, messages, or ads can lead to harmful websites designed to steal your information. These sites might look like real ones but will ask you to log in or enter sensitive information. Protect yourself by:
  • Hovering over links to see where they actually lead before clicking.
  • Avoiding links that shorten or obscure the real destination.
  • Only logging in to websites by typing the URL directly into your browser.
• Don’t share too much personal information – Scammers can use your publicly shared information to target you more effectively. Be careful about what you post on your profile and in your posts. Limit the personal details you share, such as:
  • Your phone number, address, or email.
  • Information about your family, like your mother’s maiden name.
  • Details about your daily routines or travel plans.

Stay safe, and think before you click!