by Information Technology Services
K-State employees have recently been targeted by a “TIAA-CREF re-authenticate your account” email phishing scam that has been involved in at least three rounds of attacks.
On July 6, Human Capital Services emailed K-State employees with a TIAA-CREF account that K-State is blocking the URL in the scam, so computers on the university network cannot access the intended web address.
If you have replied to the TIAA-CREF email scam or any other email that asked for account information, contact the IT Help Desk as soon as possible (214 Hale Library, firstname.lastname@example.org, 785-532-7722, toll-free 800-865-6143).
Simple rules will protect you from all kinds of scams: Never provide a password or personal identity information in response to email. Never use your K-State eID password on any other account. Continue reading “Dangerous phishing-scam emails steal more than passwords”
Attention, K-State faculty, staff and students,
Since the start of the fall 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 75 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.
THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password. Continue reading “Warning: Increase in phishing scam emails trying to steal K-State eID passwords”
Hackers have been VERY successful at tricking K-Staters into giving away their eID password — in 2009 more than 430 K-Staters replied to phishing e-mails, sending their eID passwords to criminals who used those to log into K-State’s e-mail and send thousands of spam e-mails. The good news is that repeated communications by K-State’s IT security team, Help Desk, and IT support staff have slowed the pace of compromised e-mail accounts. The bad news is the hackers’ techniques have evolved accordingly with new, more sophisticated scams that steal your password.
K-State’s mantra for the last two years has been “NEVER provide your password in an e-mail to anyone under any circumstances!” How did the hackers respond? On Jan. 23, they sent the following scam e-mail to numerous K-Staters. Note that it doesn’t ask you to send your password in an e-mail. Instead, it tries to trick you into clicking on a link that goes to a website where they want you to enter your eID and password.
Continue reading “New type of phishing attack threatens K-State passwords”