Cybersecurity | IT News

Category: Cybersecurity

Beware of CEO fraud scams

Posted on June 11, 2024 by Cathy Rodriguez

As part of our ongoing efforts to enhance cybersecurity and protect K-State from potential threats, we would like to bring your attention to the issue of CEO fraud, also known as Business Email Compromise (BEC). Cybercriminals may attempt to impersonate senior executives to deceive employees into transferring funds or sensitive information.

These fraudsters target specific employees with personalized emails, usually asking their victims to complete a business activity such as paying a bill. They learn as much as possible about their targets and organization to make the emails more convincing. They can obtain this information from websites and social media sites. For example, LinkedIn provides them with a plethora of information about a target, such as job history, connections with colleagues and even samples of how they write. Continue reading “Beware of CEO fraud scams” →

Phishing Scams: Watch out for job scams

Posted on May 2, 2024 by Christine Doucette

Are you looking for a job? While looking for a job, be on the lookout for cybercriminals because they are looking for you. At the end of a semester, it is common for cybercriminals to target students, faculty and staff who may be looking for a job.

Cybercriminals will target you with emails “inviting you to interview with their company.” The emails will include a sense of urgency, such as “interview with us now because slots are filling up” or “schedule your interview now before the position is filled.”

Some cybercriminals will ask you to download a particular app or device for the interview. Do not click on any links or download any apps; this is a scam. These malicious apps can install malware on your device and leak personal information. After stealing your information, cybercriminals could use it to impersonate you, commit financial fraud or scam other unsuspecting people via your accounts. Continue reading “Phishing Scams: Watch out for job scams” →

Phishing Scam: “URGENT: Suspected Exposure Incident Detected”

Posted on April 23, 2024April 24, 2024 by Christine Doucette

A new phishing scam email has been circulating through several colleges and universities nationwide and even in Kansas. The email’s subject line is “URGENT: Suspected Exposure Incident Detected.” DO NOT fall for this scam. DO NOT click on any links. Immediately delete the email.

The links within the phishing email are cloned to login pages and even ask you for Duo verification. If you fall for this phishing email, immediately change your eID password and report the incident to abuse@k-state.edu.

The “URGENT: Suspected Exposure Incident Detected” phishing scam preys on people’s fear of spreading a contagious virus. The email provides a link to a webpage to determine if you have been in contact with the virus. It is important to note that the scammers send emails from university employees or department heads. Do not fall for this scam.

To learn more about identifying phishing scams, view the Phishing Scams webpage.

Think before you click. More than 90% of successful cyberattacks start with a phishing email. If you receive a suspected phishing email, immediately report the email to abuse@k-state.edu.

Complete Cybersecurity Awareness training by April 30

Posted on April 22, 2024April 22, 2024 by Cathy Rodriguez

The deadline to complete Cybersecurity Awareness training is Tuesday, April 30.

All faculty, staff, and student employees are required to complete the training, or you will lose your eID access. You can complete the training at your own pace, whether in one or multiple sittings. On average, most people complete the training in under one hour.

If you fail to complete the training, you will lose access to all University systems on May 21. Once you complete the training, your access will be restored.

If you have student employees who are no longer employed, be sure to terminate them in HRIS to prevent their access from being removed if they are still active students.

Access the training

Visit the Division of Information Technology website: https://www.k-state.edu/it/.
At the bottom of the page, under the Cybersecurity Awareness Training section, click the Take the training button.

Record of training completion

After you complete the training, your training record in HRIS will be updated. It will be listed under the Training Summary as Cybersecurity Awareness, with the course code WIT590 and course session 2024.

If you have questions about the Cybersecurity Awareness training, contact the IT Service Desk:

Phone: 785-532-7722
Live chat
Walk-in: 2nd Floor, Hale Library

Records & Information Management month: Email records management

Posted on April 16, 2024 by Christine Doucette

As part of Records & Information Management Month, the K-State Libraries and the Division of IT collaborate to illuminate crucial aspects of records and information management. This week’s focus is on email records.

Every K-State employee is individually responsible for handling and maintaining records (including University email and other electronic records) under university policy and requirements. Emails are records that may contain evidence of official University actions, decisions, approvals, or transactions. Email is subject to statutes of the State of Kansas, KSA 45-401 through 45-414, which applies to preserving and destroying records.

Email Records Frequently Asked FAQs provide guidance for creating, managing, archiving, and deleting emails. Retention periods are listed on the Records Retention Schedule. Continue reading “Records & Information Management month: Email records management” →

Records & Information Management month: How to identify transitory records

Posted on April 9, 2024April 16, 2024 by Christine Doucette

As part of Records and Information Management Month, the K-State Libraries and the Division of IT collaborate to illuminate crucial aspects of records and information management. This article focuses on defining the types of transitory records and how to dispose of the records properly.

Examples of Transitory Records

Announcements and notices of a general nature
Blank forms
Convenience or duplicate copies
Drafts
Messages where the information has no operational value
Superseded lists
In-house publications that are obsolete, superseded or otherwise no longer useful

Continue reading “Records & Information Management month: How to identify transitory records” →

K-State using geolocation for cybersecurity

Posted on April 5, 2024 by Christine Doucette

The internet is an incredible tool for learning and sharing information, but it poses a cybersecurity threat. To keep hackers from stealing your personal information, K-State uses geolocation to safeguard accounts from being compromised by utilizing IP information. If suspicious activity is recognized, the user will receive an email notification of the activity with recommendations on the next steps, which could include updating account passwords.

Continue reading “K-State using geolocation for cybersecurity” →

Records & Information Management month: What is a record?

Posted on April 1, 2024April 16, 2024 by Christine Doucette

As part of Records and Information Management Month, the K-State Libraries and the Division of IT collaborate to illuminate crucial aspects of records and information management. This article delves into the fundamental concept of a record and explores the diverse types of records commonly generated within organizational contexts.

What is a record?

Records are information you create and maintain while doing your job. Records can be in any media, including paper, magnetic tape, and optical disks. Work-related records (including email) that you produce in your home and on your personal home computers are still the property of K-State. Your records are unique to K-State and are evidence of who you are and what you do.

The best way to keep track of your records is by doing a thorough inventory. This means checking all your electronic systems and all places where records might be kept. An inventory is the first step in developing a formal records management program. Continue reading “Records & Information Management month: What is a record?” →

Annual Cybersecurity Awareness training begins April 1

Posted on March 27, 2024March 27, 2024 by Christine Doucette

The annual Cybersecurity Awareness Training will be delivered to your K-State email inbox on Monday, April 1. All faculty, staff and student employees must complete the online training by Tuesday, April 30.

The training will teach you to spot phishing scams, keep passwords safe, and practice cyber hygiene. This training is mandatory for all state agencies through the State of Kansas ITEC Policy 7230 – Information Technology Enterprise Security Policy. Continue reading “Annual Cybersecurity Awareness training begins April 1” →

Impersonation phishing scam hits campus

Posted on March 5, 2024March 7, 2024 by Cathy Rodriguez

The cybersecurity landscape is constantly evolving, making it vital to stay ahead of the curve in safeguarding digital assets. A recent phishing scam at K-State involved what is known as CEO Fraud. CEO Fraud preys on the trust and authority associated with executive positions to deceive employees into carrying out fraudulent activity.

In this example, the scammer sent a K-State employee an email impersonating a department head, asking the staff member to download a file about a pay adjustment. Instead of clicking the link in the email, the alert employee checked with the department head to see if they had sent the email. The supervisor hadn’t sent the email. This was a scam.

Remember: Don’t open email links or unexpected or unusual attachments, attachments from strangers or strange-looking emails.

Any email attachment or link can carry software designed to damage or exploit your device or network. The malware will launch once you open the attachment or click the link. Vigilance and skepticism are our best defenses against impersonation scams.

Tips to prevent becoming a victim of phishing scams:

Don’t reply to a suspicious, unexpected or strange email.
Be wary of emails with urgent requests for your personal or financial information or your sign-in credentials.
Don’t open unexpected or unusual attachments, attachments from strangers or strange-looking emails.
Don’t click links in unexpected emails, emails you suspect are fraudulent or if you don’t know the sender.
Don’t click Sign In links. Go to the business website and sign in there or contact their customer service for help.
Avoid filling out forms in email messages that ask for financial information. Only share credit card information via a secure website or telephone.

If you receive a suspicious email, forward it to abuse@ksu.edu and be sure to include the email headers in your message.

Kansas State University

IT News