Kansas State University

search

IT News

Tag: phishing scams

Be aware of phishing scams

Posted on by Christine Doucette

""Phishing scams are used by cybercriminals to trick you into sharing personal information, such as passwords, credit cards, social security and bank account numbers, by sending you fraudulent emails or directing you to a fake website. K-State and legitimate businesses will never ask for your account, personal or financial information by email. Learn what a phishing scam looks like.

Sophisticated attackers will even attempt to get you to disclose passcodes from your Duo app to bypass the protections that two-factor authentication provides. K-State will never ask you to provide a Duo passcode immediately after completing the standard login confirmation. If you are ever asked to give that in combination with your password – you are being scammed. Continue reading “Be aware of phishing scams”

Increased phishing scams expected in July

Posted on by Christine Doucette

""The Better Business Bureau is warning of increased phishing scams related to Amazon Prime Day, online, and brick-and-mortar stores with special sales during July. Phishing is a way cybercriminals try to trick you into sharing personal information, such as passwords, credit card numbers, social security numbers, or bank account numbers, by sending you fraudulent emails or directing you to a fake website.

In addition to the regular phishing scam attempts this month, cybercriminals are sending phishing emails urging people to “click on a link to confirm their order” or “click on a link to confirm their mailing address.” DO NOT click on those links. If you are concerned about an order, you can always sign in to your Amazon or other online accounts to check your order status. Remember, legitimate businesses will NEVER ask for your account, personal, or financial information by email. Continue reading “Increased phishing scams expected in July”

Cybersecurity Awareness: Phishing simulations to begin

Posted on by Cathy Rodriguez

Phishing is one of the most common forms of cyberattacks that we encounter. K-State handles compromised accounts on a daily basis. Universities are often targeted because of the vast amounts of data criminals could get access to. Building a strong cybersecurity culture is one of the best defenses we have.

Cybersecurity Awareness: Phishing Simulations

As the next step in our required cybersecurity awareness training, we will perform phishing simulations and track performance. Again, it’s not our intention to shame anyone, but instead to use this data to ensure we’re targeting the correct user populations that may need additional training. We will be using the Attack Simulator that is available to us through our Microsoft 365 licensing. Continue reading “Cybersecurity Awareness: Phishing simulations to begin”

Phishing Scam Alert: Apply now for emergency relief funds scam

Posted on by Christine Doucette

Phishing ScamsA new phishing scam is currently targeting colleges and universities. The scam email notifies students, faculty, and staff that federal government funds are available and asks the recipient to apply for the grant money and provide their personal data. Do not click the link; this is a scam.

Some hints that the email is a scam include:

  • Misspellings
  • Typos
  • Poor grammar
  • Fake web address

When in doubt, forward the email to abuse@ksu.edu and then delete the email. Continue reading “Phishing Scam Alert: Apply now for emergency relief funds scam”

Federal Financial Aid phishing scam

Posted on by Cathy Rodriguez

Congratulations! You have been awarded federal financial aid that you don’t have to pay back. Does that sound phishy?

K-State is being targeted with a federal financial aid phishing scam. The email is promising free money in exchange for your driver’s license or state ID. 

Federal Financial Aid Continue reading “Federal Financial Aid phishing scam”

Phishing scam targets remote workers

Posted on by Information Technology

Scam Alert!As employees continue to work remotely, cyber-attacks are on the rise. The latest attack is the “Return to Office” phishing scam. This scam has already targeted 100,000 inboxes.

Scammers are sending email messages to individuals outlining the process for an employee to return to the workplace. The email can include safety protocols and usually includes a short deadline for when employees must acknowledge that they have received this message and complete a form. Continue reading “Phishing scam targets remote workers”

IT Update

Posted on by Information Technology

 

In July, sparks are flying to prepare for an earlier start to the school year. Some of the many projects either completed or in the works follow. 

Networking and Telecommunications Services (NTS) continues to improve the IT infrastructure. Projects include:

  • Collaborating with design teams for Hale Library, Snyder Family Stadium, the Multicultural Center and McCain Auditorium
  • Continuing renovation and wiring projects in Mosier, Derby, Weber, Leasure and Call Hall
  • Preparing for AV upgrades for Olathe and centrally supported classrooms
  • Planning for the WSU Nursing program in Justin
  • Working with Riley County Emergency Management to upgrade the campus 911 system

Continue reading “IT Update”

Beware of Equifax settlement and Capital One phishing scams

Posted on by Information Technology

Did we mention K-Staters need to be constantly on guard for protecting yourself against phishing scams? Scammers will target you both personally and professionally. Keep your guard up. Recent attacks include phishing scams for the Equifax settlement claim and the Capital One breach.

Equifax settlement claim

Cybercriminals are trying to trick you into filing an Equifax claim and receiving a $125 payment because your personal data was part of the Equifax data breach. Scammers are sending phishing attacks that appear to come from Equifax, however, when the user clicks the link they are on a fake website that mimics  Equifax. This website then attempts to steal your personal information.

Don’t fall for it. Forward this fake email to abuse@ksu.edu.

Equifax spoofed email

To file a claim, go the legitimate FTC website and click on the blue “File a Claim” button. The website checks your eligibility for that claim.

Note: Not everyone’s information was compromised. The link to the FTC site is: https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement.

Capital One

Cybercriminals are trying to exploit the Capital One breach with a phishing email that is using a Windows security update as the bait. Clicking the link in the email will install a backdoor Trojan.

CapitalOne phishing email

Do not click on links in an email to install the software. Forward emails such as these to abuse@ksu.edu.

Breaches such as Equifax and Capitol One are prime opportunities for cybercriminals to trick K-Staters into giving up their credentials. Remember: Go to the organization’s website for information on recent breaches.

If you have any questions, contact the IT Help Desk (helpdesk@ksu.edu).

Phishing scams keep coming

Posted on by Information Technology

Two weeks ago we had more compromised eIDs than in the period from January 1 – May 13. Last week proved to be equally lucrative for scammers.  Scammers attack when individuals are busy and vulnerable.

As these attacks continue to increase in frequency and sophistication, it is of critical importance that you:

  • Think before you click – always be suspicious of any unsolicited communication.
  • Don’t respond to that email if you are not absolutely certain of the sender and the contents.
  • If you are not certain about an attachment, don’t open it.
  • If you do respond to a scam, immediately change your password.

These simple guidelines could prevent scammers from using your credentials elsewhere and even save your identity. Personal information is like money. Value it. Protect it.

 

Beware: Phishing scams on the rise this week

Posted on by Information Technology

K-State is seeing a significant increase in the number of phishing scams within the last few days.  Phishing scams are used as a way to trick you into giving up your credentials (eID and password). Once you give up your credentials, the scammer has access to all your K-State accounts.

There have been 239 phishing scams — some duplicates — resulting in 43 compromised accounts since Mon., June 11. The compromised accounts are then used to send additional phishing scams.

K-State will never ask for your eID, password, etc. by email or in a survey. If you are uncertain about the legitimacy of an email, check the Phishing scams website.  When in doubt don’t respond, just delete.

Report phishing scams to abuse@ksu.edu and be sure to include the email headers in your message.

Contact the IT Help Desk 785-532-7722 if you have additional questions about phishing scams.