Kansas State University

search

IT News

Tag: email

Six things you need to know about IT security at K-State

K-State broke a record in 2010, but it is not a record to be proud of:  445 K-Staters were tricked into giving away their passwords to criminals in response to spear-phishing scam e-mails. The criminals then used the stolen information to sign in to webmail and send thousands of spam messages.

Obviously, the first thing on this semester’s top-six security list must be:

  1. Never give your password to anyone in an e-mail message! K-State was plagued by 406 instances of phishing scams in 2010 (compared to 296 in 2009)  that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can prevent becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an email with a link to a web form that asks you to fill in your username and password – don’t do it!
  2. Continue reading “Six things you need to know about IT security at K-State”

Information for students, employees leaving K-State

Students (including graduates) and faculty/staff who are leaving the university permanently should check out the Preparing to Leave K-State webpage, which includes:

  • How to forward your e-mail and update your e-communications
  • The importance of copying files, e-mail, etc. before those are erased
  • The need to remove K-State’s antivirus and other software obtained via a university site license or volume-purchase agreement
  • Other essential steps to do BEFORE you lose access to K-State resources

When an individual’s K-State affiliation ends, they will be notified and given two weeks to copy files, e-mail, and personal webpages. After that, a $50 fee is assessed for temporary access to personal files. Continue reading “Information for students, employees leaving K-State”

Q/A: How to sign off of LISTSERV mailing lists?

How can I unsubscribe from various K-State LISTSERV mailing lists?

The short answer is to go to K-State’s LISTSERV interface at listserv.k-state.edu/web, sign in, select the list you want to leave, and click the Leave button to unsubscribe from that list.

The long explanation

To access all your LISTSERV subscriptions, go to K-State’s LISTSERV interface at listserv.k-state.edu/web and click Subscribers Corner in the left menu, then sign in using your e-mail address and your LISTSERV password. There you can: Continue reading “Q/A: How to sign off of LISTSERV mailing lists?”

Q/A: How to display full e-mail headers on a Mac laptop?

An IT security webpage (Identifying and Responding to a scam) says to “check full e-mail headers on questionable e-mail.” How do I do that on my Mac laptop? The Windows process — to right-click the message and select “Full headers” — doesn’t work on my Mac laptop, and there’s no “full headers” choice anywhere.

First, some caveats:

  • When using a two-button mouse on a Mac, right-click works the same way as on a PC.
  • When using a one-button mouse on a Mac, Control-click is required to simulate a right-click.
  • When using a laptop with no mouse, Control-click on the trackpad button is required.

Continue reading “Q/A: How to display full e-mail headers on a Mac laptop?”

Six things you need to know about IT security at K-State

IT security = YOUThus far in 2010, 292 K-Staters have been duped by spear-phishing scam e-mails and given away their eID password to criminals who then use the stolen information to sign in to webmail and send thousands of spam messages. Sadly, we’re on pace to break last year’s record of 431 K-Staters who gave away their passwords in this way.

Obviously, the first thing on this semester’s top-six security list must be:

  1. Never give your password to anyone in an e-mail message! K-State was plagued by nearly 300 instances of phishing scams in 2009 (and 260 thus far in 2010!)  that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can prevent becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an email with a link to a web form that asks you to fill in your username and password – don’t do it!
  2. Learn to recognize scams, frauds, and other forms of malicious communications so you don’t become a victim of identity theft, financial fraud, or end up with a compromised computer. Criminals are using all kinds of new tricks and coming at you from all angles — e-mail, social networking sites like Facebook and Twitter, malicious links on webpages, Instant Messaging, phone calls, and even knocking on your door. As an example, last year more than 230 K-Staters were tricked into opening malicious e-mail attachments, resulting in 230+ compromised computers. Be informed and think before you click! Continue reading “Six things you need to know about IT security at K-State”

Another way to detect phishing scam e-mails

The daily count of compromised eIDs dropped after July 28 when a warning was sent to all K-Staters via the security-alerts mailing list, but sadly, some people are still responding to phishing scams and giving their eID password to criminals.

Quota/storage scams

Some of these scams try to convince people they have exceeded a quota or limit on the amount of e-mail they can store on the system. All such e-mails are scams, because there is no limit on the amount of e-mail you can store in K-State’s Zimbra e-mail system. Thus, a quick way to recognize a scam: Anything that indicates you have exceeded a storage limit or quota in K-State’s e-mail is a scam. Like other scams, you can simply ignore and delete the e-mail.

Continue reading “Another way to detect phishing scam e-mails”

"Blind carbon copy" adds professionalism to e-mail

When sending e-mail to multiple recipients, consider using the “blind carbon copy” (Bcc:) option. Posting individual e-mail addresses in the Bcc area eliminates the long list of e-mail addresses that the viewer wades through to get to the body of the e-mail and makes for a more professional looking e-mail.

Other benefits include:

Phishing scams + stolen passwords = problems for everyone

Criminals seem to be working overtime in their efforts to steal eID passwords, which is no surprise since their efforts are paying dividends: Since July 18, 77 K-Staters have been tricked into giving away their eID passwords via phishing scam e-mails! The count since January 1, 2010, is 255 K-Staters!

When stolen e-mail accounts are used to send massive amounts of spam to recipients all over the world, other e-mail service providers view K-State as a source of spam and start blocking ALL e-mail from K-State by putting us on their “spam block-list.” Continue reading “Phishing scams + stolen passwords = problems for everyone”

Hotmail error-message issue being addressed

K-Staters who send e-mail to

  • an individual’s Hotmail address or
  • an individual who forwards their K-State e-mail to a Hotmail address

have been receiving the error message shown below. K-Staters might also notice a similar message from other e-mail providers. Information Technology Services (ITS) is working with Zimbra to get this issue resolved as quickly as possible. ITS apologizes for the inconvenience.

Continue reading “Hotmail error-message issue being addressed”

Dangerous phishing scam hits K-Staters' e-mail

Many K-Staters received a spear phishing scam e-mail on Monday that is particularly dangerous because it seems to refer to upcoming changes in K-State’s e-mail; appears to be from K-State’s IT Help Desk; and asks for your K-State eID and password. The criminals responsible for these scams have obviously done their homework to make the message appear legitimate. But it is not — it is a scam that is trying to steal your eID password and use it to log in to your Webmail account and use it to spam.

As always, though, you can remember this one simple rule and be safe from this type of scam: K-State IT support staff will NEVER ask for your password in an e-mail!

To help you recognize this and other scams like it, the headers of the scam message are:

From: “ITS Help Desk” <helpdesk@ksu.edu>
To: undisclosed-recipients:;
Sent: Sunday, April 4, 2010 6:49:32 PM GMT -06:00 US/Canada Central
Subject: Scheduled Service Maintenance

Continue reading “Dangerous phishing scam hits K-Staters' e-mail”