Kansas State University

search

IT News

Tag: phishing

Increased phishing scams during the holidays

Posted on by Christine Doucette

""Be on the lookout for increased phishing email scams this holiday season.

Phishing is an attempt by cybercriminals, posing as a legitimate business, to trick you into sharing personal information, such as passwords, credit card numbers, Social Security numbers, or bank account numbers, via a fraudulent email or website.

Sophisticated attackers will even attempt to get you to disclose passcodes from your Duo app to bypass the protections that two-factor authentication provides. K-State will never ask for your Duo backup passcode immediately following login. If you are ever asked to give that in combination with your password – you are being scammed. Immediately report the email to abuse@ksu.edu.

For additional information on how Duo passcodes work, view the Duo Passcode knowledge base article.
Continue reading “Increased phishing scams during the holidays”

North Korea using social engineering to hack universities

Posted on by Christine Doucette

""In light of recent developments in the cybersecurity landscape, the Division of Information Technology (IT) feels it is imperative to communicate the evolving threats to our community. One such concern involves a North Korean group known as Kimsuky, a state-sponsored cyber threat actor notorious for their sophisticated spear-phishing attempts. Spear-phishing is a targeted form of phishing where the attacker impersonates a known or trusted entity to deceive individuals into revealing sensitive information. Continue reading “North Korea using social engineering to hack universities”

Tech Tips Live! May 11: Phishing – not just for days at the lake!

Posted on by Cathy Rodriguez

Kathleen Adams will present “Phishing – not just for days at the lake” at 3 p.m., Tech Tips Live! logoMay 11, via Zoom. Join this session to learn about what happens when a phishing scam hits K-State. So far this year there have been 471 phishing scams reported and 175 compromised eIDs. Phishing is a very serious problem, join the discussion to learn what you can do to protect yourself. Topics include:

  • Identifying types of phishing scams
  • Sending phishing scams to K-State’s abuse email team with precision
  • Learning what we do to take down a phishing scam
  • Discovering what happens if an account gets compromised
  • Protecting your account from being compromised

Join the session at ksu.zoom.us/j/738417925. Visit the Tech Tips Live! website for information about the series and to view videos of previous sessions.

Increase in phishing scams over spring break

Posted on by Cathy Rodriguez

Over spring break there was an increase in the number of phishing scams sent to K-Staters. From Wednesday, March 16, through Tuesday, March 22, more than 60 individuals shared their private information (eID and passwords) via a phishing scam.

Two of those compromised eIDs were then used to create Qualtrics surveys. One survey had the K-State brand and asked for the user ID, password, retyped password, etc.

Phishing scam password example

No explanation or wording was included with the survey, only boxes to provide the information, and yet more than 100 K-Staters provided their information.

Another survey appeared to be from Wells Fargo Bank. The scammers had created panels with almost 5,500 names to receive the phishing scam before it was shut down.

Information Technology Services will never ask for your eID, password, etc. by email or in a survey. If you are uncertain about the legitimacy of an email, check the Phishing scams website.  When in doubt don’t respond, just delete.

Contact the IT Help Desk 785-532-7722 if you have additional questions about phishing scams.

Warning: Increase in phishing scam emails trying to steal K-State eID passwords

Posted on by Harvard Townsend (harv@ksu.edu)

Attention, K-State faculty, staff, and students.

Since the start of the spring 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 10 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.

THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.

Abide by this simple rule and you will be safe from these scams and others:  NEVER provide your password to anyone in response to an email!

Continue reading “Warning: Increase in phishing scam emails trying to steal K-State eID passwords”

Teach yourself how to recognize an e-mail scam

Posted on by Harvard Townsend (harv@ksu.edu)

In the past month, nearly 200 K-State computers were compromised when people were tricked into opening a malicious e-mail attachment. Since January, nearly 300 K-Staters have given their eID password to hackers in response to spear phishing e-mail scams.

Besides a reminder to never give out your eID password in an e-mail, it is time once again to emphasize the importance of individual users learning how to recognize a scam or malicious e-mail.

One of the best tools for learning how to distinguish a legitimate e-mail from a malicious one is the Phishing and Spam IQ Quiz produced by Sonicwall. The quiz displays 10 different e-mails and has you decide whether each is legitimate or a phishing scam. At the end, it compares your answers to the correct ones and provides an explanation for each e-mail message.

Continue reading “Teach yourself how to recognize an e-mail scam”

Reminder: K-State will never ask for your password in an e-mail

Posted on by Harvard Townsend (harv@ksu.edu)

Once again, K-State students, faculty, and staff are the target for spammers trying to trick you into divulging your eID and password in order to compromise your K-State e-mail account and use it to send more spam to thousands of others. Numerous instances of these scams have cropped up this week. This is a reminder that K-State will never ask for your password in an e-mail. For additional information on IT security, see the Jan. 20 InfoTech Tuesday article, “Five Things You Need to Know about IT Security at K-State“.

“Very cheap Macbook” is an offer too good to be true

Posted on by IT editors

The problem

Over the last several weeks, an e-mail has been received by K-Staters telling recipients that if they contact the sender, they will receive a “very cheap” Macbook. I hate to be the bearer of bad news, but it’s a scam.

Take a look at the e-mail and note some of the factors that should alert you to these kinds of scams. Continue reading ““Very cheap Macbook” is an offer too good to be true”