Kansas State University

search

IT News

Tag: cybersecurity

How’s your Cyber hygiene?

Posted on by Christine Doucette

Cyber hygiene is the practice and steps K-Staters can follow to improve our online security and maintain the health of our IT systems.

Cyber hygiene is often compared to personal hygiene. Just as you follow daily personal hygiene practices to stay healthy, adopting a daily cyber hygiene routine is crucial for safeguarding the health of K-State’s network and ensuring the safety and security of our data. By making these habits a part of your daily routine, they will become second nature.

Be aware of phishing scams. Cybercriminals use phishing scams to try to trick you into sharing personal information, such as passwords, credit card numbers, social security numbers and bank account numbers, by sending you fraudulent emails or directing you to a fake website. Learn what a phishing scam looks like.  If you suspect that you have been compromised…” use something like “If you suspect you’ve been targeted or fallen victim to a phishing scam, report the incident immediately to abuse@ksu.edu.

Create strong passwords. Complex passwords can prevent many malicious activities and protect K-State’s network. Consider using passphrases or a reputable password manager to create and store complex passwords securely. Learn about K-State’s eID password requirements. Continue reading “How’s your Cyber hygiene?”

Tips for protecting your devices and personal information

Posted on by Christine Doucette

You use devices like laptops, smartphones, tablets and watches to store sensitive information like your credit card. Protecting and securing that information is important to safeguarding your identity and data.

Here are a few things you can easily do to protect your devices.

Install antivirus software

Antivirus software is your first line of defense. It detects, blocks, and removes viruses and warns about dangerous websites and links.

Use strong passphrases/password manager

Using long, complex and unique passwords is a good way to prevent your account from being hacked. An easy way to keep track of and remember your passwords is by using a password manager. Continue reading “Tips for protecting your devices and personal information”

Phishing Scams: Watch out for job scams

Posted on by Christine Doucette

Are you looking for a job? While looking for a job, be on the lookout for cybercriminals because they are looking for you. At the end of a semester, it is common for cybercriminals to target students, faculty and staff who may be looking for a job.

Cybercriminals will target you with emails “inviting you to interview with their company.” The emails will include a sense of urgency, such as “interview with us now because slots are filling up” or “schedule your interview now before the position is filled.”

Some cybercriminals will ask you to download a particular app or device for the interview. Do not click on any links or download any apps; this is a scam. These malicious apps can install malware on your device and leak personal information. After stealing your information, cybercriminals could use it to impersonate you, commit financial fraud or scam other unsuspecting people via your accounts. Continue reading “Phishing Scams: Watch out for job scams”

Phishing Scam: “URGENT: Suspected Exposure Incident Detected”

Posted on by Christine Doucette

A new phishing scam email has been circulating through several colleges and universities nationwide and even in Kansas. The email’s subject line is “URGENT: Suspected Exposure Incident Detected.” DO NOT fall for this scam. DO NOT click on any links. Immediately delete the email.

The links within the phishing email are cloned to login pages and even ask you for Duo verification. If you fall for this phishing email, immediately change your eID password and report the incident to abuse@k-state.edu.

The “URGENT: Suspected Exposure Incident Detected” phishing scam preys on people’s fear of spreading a contagious virus. The email provides a link to a webpage to determine if you have been in contact with the virus. It is important to note that the scammers send emails from university employees or department heads. Do not fall for this scam.

To learn more about identifying phishing scams, view the Phishing Scams webpage.

Think before you click. More than 90% of successful cyberattacks start with a phishing email. If you receive a suspected phishing email, immediately report the email to abuse@k-state.edu.

K-State using geolocation for cybersecurity

Posted on by Christine Doucette

""The internet is an incredible tool for learning and sharing information, but it poses a cybersecurity threat. To keep hackers from stealing your personal information, K-State uses geolocation to safeguard accounts from being compromised by utilizing IP information. If suspicious activity is recognized, the user will receive an email notification of the activity with recommendations on the next steps, which could include updating account passwords.

Continue reading “K-State using geolocation for cybersecurity”

Annual Cybersecurity Awareness training begins April 1

Posted on by Christine Doucette

The annual Cybersecurity Awareness Training will be delivered to your K-State email inbox on Monday, April 1. All faculty, staff and student employees must complete the online training by Tuesday, April 30.

The training will teach you to spot phishing scams, keep passwords safe, and practice cyber hygiene. This training is mandatory for all state agencies through the State of Kansas ITEC Policy 7230 – Information Technology Enterprise Security Policy. Continue reading “Annual Cybersecurity Awareness training begins April 1”

Be aware of phishing scams

Posted on by Christine Doucette

""Phishing scams are used by cybercriminals to trick you into sharing personal information, such as passwords, credit cards, social security and bank account numbers, by sending you fraudulent emails or directing you to a fake website. K-State and legitimate businesses will never ask for your account, personal or financial information by email. Learn what a phishing scam looks like.

Sophisticated attackers will even attempt to get you to disclose passcodes from your Duo app to bypass the protections that two-factor authentication provides. K-State will never ask you to provide a Duo passcode immediately after completing the standard login confirmation. If you are ever asked to give that in combination with your password – you are being scammed. Continue reading “Be aware of phishing scams”

K-State is now using geolocation

Posted on by Christine Doucette

""

Over the summer, K-State began using geolocation to assist in safeguarding accounts from being compromised by utilizing IP information on computers and mobile devices. With geolocation, users will be alerted of suspicious attempts to access K-State accounts. If suspicious activity is recognized, the user will receive an email notification of the activity with recommendations on the next steps, which could include updating account passwords.

Continue reading “K-State is now using geolocation”

North Korea using social engineering to hack universities

Posted on by Christine Doucette

""In light of recent developments in the cybersecurity landscape, the Division of Information Technology (IT) feels it is imperative to communicate the evolving threats to our community. One such concern involves a North Korean group known as Kimsuky, a state-sponsored cyber threat actor notorious for their sophisticated spear-phishing attempts. Spear-phishing is a targeted form of phishing where the attacker impersonates a known or trusted entity to deceive individuals into revealing sensitive information. Continue reading “North Korea using social engineering to hack universities”

Increased SMS text phishing attempts

Posted on by Christine Doucette

""In collaboration with the Office of Private Sector (OPS), the FBI San Francisco Field Office has recently issued a report highlighting a surge in “smishing” attempts. Smishing (or SMS text phishing) is a fraudulent practice where text messages trick individuals into divulging sensitive information. This can range from personal and financial information to company-specific data and employee credentials.

These threat actors often pose as fellow employees or company leaders to persuade recipients to share sensitive data. This information can then be used for various criminal activities, including financial gain, further breaches at a company, or even targeting other employees. Continue reading “Increased SMS text phishing attempts”