Kansas State University

search

IT News

Tag: email

New type of phishing attack threatens K-State passwords

Hackers have been VERY successful at tricking K-Staters into giving away their eID password  — in 2009 more than 430 K-Staters replied to phishing e-mails, sending their eID passwords to criminals who used those to log into K-State’s e-mail and send thousands of spam e-mails. The good news is that repeated communications by K-State’s IT security team, Help Desk, and IT support staff have slowed the pace of compromised e-mail accounts. The bad news is the hackers’ techniques have evolved accordingly with new, more sophisticated scams that steal your password.

K-State’s mantra for the last two years has been “NEVER provide your password in an e-mail to anyone under any circumstances!” How did the hackers respond? On Jan. 23, they sent the following scam e-mail to numerous K-Staters. Note that it doesn’t ask you to send your password in an e-mail. Instead, it tries to trick you into clicking on a link that goes to a website where they want you to enter your eID and password.

Continue reading “New type of phishing attack threatens K-State passwords”

Spring 2010: Five things you need to know about IT security at K-State

In 2009, 431 K-Staters were duped by spear-phishing scam e-mails and gave away their eID password to criminals, who then used the stolen information to sign in to webmail and send hundreds of thousands of spam messages. Obviously, the first thing on this semester’s top-five security list must be:

  1. Never give your password to anyone in an e-mail message. K-State was plagued by nearly 300 instances of e-mail scams in 2009 that try to trick people into replying with their eID password. It has not slowed down in 2010. If you remember this one simple rule, you can prevent becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.
  2. Continue reading “Spring 2010: Five things you need to know about IT security at K-State”

Spotlight: Electronic resolutions via future e-mails

It’s that time of the year where we begin to think about goals for the new year. Oftentimes we need reminders to keep us on track toward achieving our goals. FutureMe.org allows users to write e-mail that will be sent to themselves in the future. It helps users keep track of things they want to achieve for 2010 and beyond.

To use the service, visit FutureMe.org and sign up. Then simply fill out the e-mail form, pick a date when you would like to receive the message, and click the button Send this to the future! Continue reading “Spotlight: Electronic resolutions via future e-mails”

What to do prior to graduating or leaving K-State?

Do I continue to have access to my eID? Can I keep my e-mail Inbox? Is my eID recycled? These and other questions are addressed on the updated Preparing to Leave K-State webpages.

New Student Services, the Alumni Association, Human Resources, Career and Employment Services, the Registrar’s Office, and ITS staff have clarified what users continue to be able to access and what is no longer available to them.  A short list of responsibilities and other information prior to leaving K-State include:

1. Sign in to eprofile.k-state.edu and forward your e-mail

2. Copy any files you are entitled to keep, including:

  • Your e-mail Inbox and messages/folders
  • Files on your office workstation
  • Files on the central Unix system
  • Your personal webpages

Continue reading “What to do prior to graduating or leaving K-State?”

Reminder: IT security roundtable this Friday on recognizing e-mail scams

The roundtable will be 9-10:30 a.m. Friday, Dec. 4, in Union 213. This session is designed for the general user, so you do not have to be a technical wizard to benefit. If you use e-mail, this event is for you.

Malicious e-mail attachments wreaked havoc on K-State computers a few weeks ago, while spear phishing scams that steal eID passwords have been a persistent plague. As hackers continue to find new, more clever ways to trick people, it is important for all users to educate themselves about e-mail scams and be constantly on the alert for new scams that arrive daily in people’s K-State e-mail. Consequently, December’s monthly IT security roundtable discussion will provide tips to help people recognize e-mail scams and thus protect themselves from identity theft, financial fraud, compromised computers, and more.

Topics covered include: Continue reading “Reminder: IT security roundtable this Friday on recognizing e-mail scams”

IT Security roundtable Dec. 4: How to recognize an e-mail scam

Malicious e-mail attachments wreaked havoc on K-State computers a few weeks ago, while spear phishing scams that steal eID passwords have been a persistent plague. As hackers continue to find new, more clever ways to trick people, it is important for all users to educate themselves about e-mail scams and be constantly on the alert for new scams that arrive in people’s K-State e-mail daily. Consequently, December’s monthly IT security roundtable discussion will provide tips to help people recognize e-mail scams and thus protect themselves from identity theft, financial fraud, compromised computers, and more.

The roundtable will be 9-10:30 a.m. Friday, Dec. 4, in Union 213.

Topics covered include:

Malicious e-mails strike again; 130+ computers compromised

One thing I’ll say about hackers is they are persistent, and I guess that fact shouldn’t surprise me since the same ol’ tricks reap dividends. Last Thursday, Nov. 5, K-State was hit with a cyberattack nearly identical to one that wreaked havoc on campus last July and, like last summer, it succeeded in compromising more than 130 campus computers.

The attack consisted of four different e-mails that tried to trick people into opening a malicious .zip attachment. Users who opened the attachment instantly infected their computer with a new variant of malware that antivirus software did not detect. The compromised computers were then used to try to infect other computers by sending the same malicious e-mails to addresses harvested from local addressbooks on the infected computers.

Once again, the best solution for preventing these types of attacks is for you, the user, to be suspicious of any unexpected e-mail from unknown sources and do not open an attachment until you confirm its legitimacy. One troubling thing is the four e-mails were virtually identical to the ones from last summer, with the following four subject lines:

Continue reading “Malicious e-mails strike again; 130+ computers compromised”

Five things you need to know about IT security at K-State

Thousands of new faculty, staff, and students have arrived and a new semester has begun, so it is time to remind everyone of their personal responsibility in protecting themselves online and keeping K-State information and technology safe. To quote IT security experts, “the Internet is a bad neighborhood,”* and based on the number of security incidents at K-State thus far in 2009, it’s getting worse. You can still function safely online, though, if you take the time to learn about security and “think before you click.” Here are five things you need to know about IT security at K-State:

  1. Never give your password to anyone in an e-mail message. K-State has been plagued by more than 200 instances of e-mail scams over the last year that try to trick people into replying with their eID password (yes, that’s nearly one per day). In fact, thus far in 2009, nearly 300 K-Staters have had their eID password stolen this way. If you remember this one simple rule, you can prevent becoming a victim of these scams:  K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.
  2. Continue reading “Five things you need to know about IT security at K-State”

Why recent malicious e-mails with attachments were so effective

Over the past month, K-State was hit by three different attacks using scam e-mails that contained malicious attachments. In the first round, which started July 13, more than 100 K-Staters were tricked into opening the attachments, resulting in at least 113 infected campus computers.

The compromised computers were turned into spam e-mail servers that sent thousands of the same malicious e-mails to people all over campus and the world. In fact, the malware used address books from local e-mail clients on the infected computers to harvest the e-mail addresses it used, which explains why so many people got so many copies at K-State.

Continue reading “Why recent malicious e-mails with attachments were so effective”