Kansas State University

search

IT News

Tag: phishing scams

Phishing scams keep coming

Posted on by Division of Information

Two weeks ago we had more compromised eIDs than in the period from January 1 – May 13. Last week proved to be equally lucrative for scammers.  Scammers attack when individuals are busy and vulnerable.

As these attacks continue to increase in frequency and sophistication, it is of critical importance that you:

  • Think before you click – always be suspicious of any unsolicited communication.
  • Don’t respond to that email if you are not absolutely certain of the sender and the contents.
  • If you are not certain about an attachment, don’t open it.
  • If you do respond to a scam, immediately change your password.

These simple guidelines could prevent scammers from using your credentials elsewhere and even save your identity. Personal information is like money. Value it. Protect it.

 

Beware: Phishing scams on the rise this week

Posted on by Division of Information

K-State is seeing a significant increase in the number of phishing scams within the last few days.  Phishing scams are used as a way to trick you into giving up your credentials (eID and password). Once you give up your credentials, the scammer has access to all your K-State accounts.

There have been 239 phishing scams — some duplicates — resulting in 43 compromised accounts since Mon., June 11. The compromised accounts are then used to send additional phishing scams.

K-State will never ask for your eID, password, etc. by email or in a survey. If you are uncertain about the legitimacy of an email, check the Phishing scams website.  When in doubt don’t respond, just delete.

Report phishing scams to abuse@ksu.edu and be sure to include the email headers in your message.

Contact the IT Help Desk 785-532-7722 if you have additional questions about phishing scams.

Learn what it takes to refuse the phishing bait!

Posted on by Cathy Rodriguez

Cybercriminals know the best strategies for gaining access to your sensitive data. According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents.

A few K-State stats:

  • In January 2016, there were 60 phishing scams reported resulting in 9 compromised accounts. A compromised account means hackers were successful in getting a K-Stater to give up their eID and password.
  • In January 2017, there were 355 phishing scams reported resulting in 313 compromised accounts!

What does this tell us?

You are the first line of defense in protecting your personal identity information. The numbers of phishing scams are going to continue to increase and the best defense is you!

Learn how to identify phishing scams and don’t give your credentials up to these criminals.

How to identify phishing emails

Continue reading “Learn what it takes to refuse the phishing bait!”

Reminder about phishing scams

Posted on by Rebecca Gould

The Dec. 22 email that appeared to be from President Myers is one more example of the need to be vigilant before responding to an email, clicking a link, or opening an attachment. The email appeared to be legitimate. A point of clarification though is communications from President Myers would more than likely be posted in K-State Today. Also when verifying the “reply to” email address, there was an additional “from” email address not associated with K-State (see the highlighted email below).

screen-shot-2016-12-22-at-11-34-47-am

image-with-highlight

U.S. CERT (U.S. Computer Emergency Readiness Team) reminds us to remain on the alert and when in doubt, delete the email, avoid clicking on a link and do not open suspicious attachments. When in doubt, DELETE.

In response to the latest phishing scam, Information Technology Services and Communications and Marketing have:

  • Blocked the URL for the email on the K-State network
  • Sent the attachment to Trend Micro for analysis. The attachment was deemed malicious and Trend Micro is preventing the attachment from being downloaded.
  • Posted notices about the scam throughout campus.

 

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

Posted on by Cathy Rodriguez

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.

Beware: tis the season for holiday scams

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
    Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.

Dangerous phishing-scam emails steal more than passwords

Posted on by Betsy Edwards

by Information Technology ServicesK-State will never ask for your password in an email

K-State employees have recently been targeted by a “TIAA-CREF re-authenticate your account” email phishing scam that has been involved in at least three rounds of attacks.

On July 6, Human Capital Services emailed K-State employees with a TIAA-CREF account that K-State is blocking the URL in the scam, so computers on the university network cannot access the intended web address.

If you have replied to the TIAA-CREF email scam or any other email that asked for account information, contact the IT Help Desk as soon as possible (214 Hale Library, helpdesk@k-state.edu, 785-532-7722, toll-free 800-865-6143).

Simple rules will protect you from all kinds of scams: Never provide a password or personal identity information in response to email.  Never use your K-State eID password on any other account.  Continue reading “Dangerous phishing-scam emails steal more than passwords”

Increase in phishing-scam emails trying to steal K-State eID passwords

Posted on by Rebecca Gould

Don't take the bait. K-State will NEVER ask for your password in an email.The beginning of every semester, K-State sees a significant increase in the number of phishing-scam emails trying to steal eID passwords. These emails try to trick K-Staters into providing their eID and password to criminals under the guise of “false emergency” emails, including:

  • “Upgrade your webmail account!”
  • “Your mailbox storage limit is full!”
  • “Your data/photos/etc. will be lost!”

THESE ARE ALL SCAMS. K-State Information Technology Services staff will NEVER ask for your password in an email. Do not reply to these scam emails, or click a link in email and fill out a form with your eID and password.

Abide by one simple rule and you will be safe from these scams and others: NEVER provide your password to anyone in response to an email!  Continue reading “Increase in phishing-scam emails trying to steal K-State eID passwords”

Warning: Increase in phishing scam emails trying to steal K-State eID passwords

Posted on by IT editors

Attention, K-State faculty, staff and students,

Since the start of the fall 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 75 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.

THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.  Continue reading “Warning: Increase in phishing scam emails trying to steal K-State eID passwords”

Six things you need to know about IT security at K-State

Posted on by Harvard Townsend (harv@ksu.edu)

K-State broke a record in 2010, but it is not a record to be proud of:  445 K-Staters were tricked into giving away their passwords to criminals in response to spear-phishing scam e-mails. The criminals then used the stolen information to sign in to webmail and send thousands of spam messages.

Obviously, the first thing on this semester’s top-six security list must be:

  1. Never give your password to anyone in an e-mail message! K-State was plagued by 406 instances of phishing scams in 2010 (compared to 296 in 2009)  that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can prevent becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an email with a link to a web form that asks you to fill in your username and password – don’t do it!

    2. Continue reading “Six things you need to know about IT security at K-State”

Another way to detect phishing scam e-mails

Posted on by Harvard Townsend (harv@ksu.edu)

The daily count of compromised eIDs dropped after July 28 when a warning was sent to all K-Staters via the security-alerts mailing list, but sadly, some people are still responding to phishing scams and giving their eID password to criminals.

Quota/storage scams

Some of these scams try to convince people they have exceeded a quota or limit on the amount of e-mail they can store on the system. All such e-mails are scams, because there is no limit on the amount of e-mail you can store in K-State’s Zimbra e-mail system. Thus, a quick way to recognize a scam: Anything that indicates you have exceeded a storage limit or quota in K-State’s e-mail is a scam. Like other scams, you can simply ignore and delete the e-mail.

Continue reading “Another way to detect phishing scam e-mails”