Did we mention that K-Staters need to be constantly on guard against phishing scams? Scammers will target you both personally and professionally. Keep your guard up. Recent attacks include phishing scams for the Equifax settlement claim and the Capital One breach.
Equifax settlement claim
Cybercriminals are trying to trick you into filing an Equifax claim and receiving a $125 payment because your personal data was part of the Equifax data breach. Scammers are sending phishing attacks that appear to come from Equifax; however, when the user clicks the link, they land on a fake website that mimics Equifax. This website then attempts to steal your personal information.
Don’t fall for it. Forward this fake email to firstname.lastname@example.org.
To file a claim, go to the legitimate FTC website and click on the blue “File a Claim” button. The website checks your eligibility for that claim.
Note: Not everyone’s information was compromised. The link to the FTC site is: https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement.
Cybercriminals are trying to exploit the Capital One breach with a phishing email that is using a Windows security update as the bait. Clicking the link in the email will install a backdoor Trojan.
Do not click on links in an email to install the software. Forward emails such as these to email@example.com.
Breaches such as Equifax and Capital One are prime opportunities for cybercriminals to trick K-Staters into giving up their credentials. Remember: Go to the organization’s website for information on recent breaches.
If you have any questions, contact the IT Help Desk (firstname.lastname@example.org).
Two weeks ago we had more compromised eIDs than in the period from January 1 – May 13. Last week proved to be equally lucrative for scammers. Scammers attack when individuals are busy and vulnerable.
As these attacks continue to increase in frequency and sophistication, it is of critical importance that you:
- Think before you click – always be suspicious of any unsolicited communication.
- Don’t respond to that email if you are not absolutely certain of the sender and the contents.
- If you are not certain about an attachment, don’t open it.
- If you do respond to a scam, immediately change your password.
These simple guidelines could prevent scammers from using your credentials elsewhere and even save your identity. Personal information is like money. Value it. Protect it.
K-State is seeing a significant increase in the number of phishing scams within the last few days. Phishing scams are used as a way to trick you into giving up your credentials (eID and password). Once you give up your credentials, the scammer has access to all your K-State accounts.
There have been 239 phishing scams — some duplicates — resulting in 43 compromised accounts since Mon., June 11. The compromised accounts are then used to send additional phishing scams.
K-State will never ask for your eID, password, etc. by email or in a survey. If you are uncertain about the legitimacy of an email, check the Phishing scams website. When in doubt don’t respond, just delete.
Report phishing scams to email@example.com and be sure to include the email headers in your message.
Contact the IT Help Desk at 785-532-7722 if you have additional questions about phishing scams.
Cybercriminals know the best strategies for gaining access to your sensitive data. According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents.
A few K-State stats:
- In January 2016, there were 60 phishing scams reported resulting in 9 compromised accounts. A compromised account means hackers were successful in getting a K-Stater to give up their eID and password.
- In January 2017, there were 355 phishing scams reported resulting in 313 compromised accounts!
What does this tell us?
You are the first line of defense in protecting your personal identity information. The number of phishing scams is going to continue to increase, and the best defense is you!
Learn how to identify phishing scams and don’t give your credentials up to these criminals.
The Dec. 22 email that appeared to be from President Myers is one more example of the need to be vigilant before responding to an email, clicking a link, or opening an attachment. The email appeared to be legitimate. One point of clarification, though: communications from President Myers would more than likely be posted in K-State Today. Also, when verifying the “reply to” email address, there was an additional “from” email address not associated with K-State (see the highlighted email below).
U.S. CERT (U.S. Computer Emergency Readiness Team) reminds us to remain on the alert and when in doubt, delete the email, avoid clicking on a link and do not open suspicious attachments. When in doubt, DELETE.
In response to the latest phishing scam, Information Technology Services and Communications and Marketing have:
- Blocked the URL for the email on the K-State network
- Sent the attachment to Trend Micro for analysis. The attachment was deemed malicious and Trend Micro is preventing the attachment from being downloaded.
- Posted notices about the scam throughout campus.
US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:
If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Report the attack to the police and file a report with the Federal Trade Commission.
- Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.
by Information Technology Services
K-State employees have recently been targeted by a “TIAA-CREF re-authenticate your account” email phishing scam that has been involved in at least three rounds of attacks.
On July 6, Human Capital Services emailed K-State employees with a TIAA-CREF account to say that K-State is blocking the URL in the scam, so computers on the university network cannot access the intended web address.
If you have replied to the TIAA-CREF email scam or any other email that asked for account information, contact the IT Help Desk as soon as possible (214 Hale Library, firstname.lastname@example.org, 785-532-7722, toll-free 800-865-6143).
Simple rules will protect you from all kinds of scams: Never provide a password or personal identity information in response to email. Never use your K-State eID password on any other account.
At the beginning of every semester, K-State sees a significant increase in the number of phishing-scam emails trying to steal eID passwords. These emails try to trick K-Staters into providing their eID and password to criminals under the guise of “false emergency” emails, including:
- “Upgrade your webmail account!”
- “Your mailbox storage limit is full!”
- “Your data/photos/etc. will be lost!”
THESE ARE ALL SCAMS. K-State Information Technology Services staff will NEVER ask for your password in an email. Do not reply to these scam emails, or click a link in email and fill out a form with your eID and password.
Abide by one simple rule and you will be safe from these scams and others: NEVER provide your password to anyone in response to an email!
Attention, K-State faculty, staff and students,
Since the start of the fall 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 75 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.
THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.
K-State broke a record in 2010, but it is not a record to be proud of: 445 K-Staters were tricked into giving away their passwords to criminals in response to spear-phishing scam e-mails. The criminals then used the stolen information to sign in to webmail and send thousands of spam messages.
Obviously, the first thing on this semester’s top-six security list must be:
- Never give your password to anyone in an e-mail message! K-State was plagued by 406 instances of phishing scams in 2010 (compared to 296 in 2009) that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can avoid becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an e-mail with a link to a web form that asks you to fill in your username and password – don’t do it!