Kathleen Adams will present “Phishing – not just for days at the lake” at 3 p.m., May 11, via Zoom. Join this session to learn about what happens when a phishing scam hits K-State. So far this year there have been 471 phishing scams reported and 175 compromised eIDs. Phishing is a very serious problem; join the discussion to learn what you can do to protect yourself. Topics include:
- Identifying types of phishing scams
- Sending phishing scams to K-State’s abuse email team with precision
- Learning what we do to take down a phishing scam
- Discovering what happens if an account gets compromised
- Protecting your account from being compromised
Join the session at ksu.zoom.us/j/738417925. Visit the Tech Tips Live! website for information about the series and to view videos of previous sessions.
Over spring break there was an increase in the number of phishing scams sent to K-Staters. From Wednesday, March 16, through Tuesday, March 22, more than 60 individuals shared their private information (eID and passwords) via a phishing scam.
Two of those compromised eIDs were then used to create Qualtrics surveys. One survey had the K-State brand and asked for the user ID, password, retyped password, etc.
No explanation or wording was included with the survey, only boxes to provide the information, and yet more than 100 K-Staters provided their information.
Another survey appeared to be from Wells Fargo Bank. The scammers had created panels with almost 5,500 names to receive the phishing scam before it was shut down.
Information Technology Services will never ask for your eID, password, etc. by email or in a survey. If you are uncertain about the legitimacy of an email, check the Phishing scams website. When in doubt, don’t respond; just delete.
Contact the IT Help Desk at 785-532-7722 if you have additional questions about phishing scams.
Attention, K-State faculty, staff, and students.
Since the start of the spring 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 10 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.
THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.
Abide by this simple rule and you will be safe from these scams and others: NEVER provide your password to anyone in response to an email!
In the past month, nearly 200 K-State computers were compromised when people were tricked into opening a malicious e-mail attachment. Since January, nearly 300 K-Staters have given their eID password to hackers in response to spear phishing e-mail scams.
Besides a reminder to never give out your eID password in an e-mail, it is time once again to emphasize the importance of individual users learning how to recognize a scam or malicious e-mail.
One of the best tools for learning how to distinguish a legitimate e-mail from a malicious one is the Phishing and Spam IQ Quiz produced by Sonicwall. The quiz displays 10 different e-mails and has you decide whether each is legitimate or a phishing scam. At the end, it compares your answers to the correct ones and provides an explanation for each e-mail message.
In order to protect your e-mail, K-State is monitoring the volume of outgoing e-mail from single accounts to identify potentially compromised accounts. A compromised account is an account that can be accessed by someone other than the owner. This is typically the result of the owner replying to a phishing scam. Once an e-mail account has been compromised, unauthorized e-mail messages can be sent from that e-mail.
An account will be identified as compromised if 50 percent of the e-mail messages sent by that account are to external e-mail addresses (addresses that are not k-state.edu or ksu.edu) and the number of messages sent to external e-mail addresses exceeds 1,500 per day. Only mail sent directly from a K-State Zimbra account is subject to this monitoring. This includes mail sent from local desktop clients, such as Thunderbird or MacMail. Mail sent to a LISTSERV mailing list or from K-State Online is exempt from monitoring.
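The rule described above can be expressed as a small detection check. This is an added example, not K-State's monitoring code: the record fields (`sender`, `day`, `rcpt`, `source`, `to_list`), the `kso` source label and the sample data are hypothetical, and it assumes "50 percent" means at least 50 percent, that subdomains of the two K-State domains count as internal, and that a message is external if any recipient is external.

```python
from collections import defaultdict

INTERNAL_DOMAINS = ("k-state.edu", "ksu.edu")   # from the article
EXTERNAL_SHARE = 0.50       # share of monitored mail sent externally
EXTERNAL_PER_DAY = 1500     # external messages per day that must be exceeded

def is_external(address):
    """True unless the domain is k-state.edu/ksu.edu or a subdomain (assumption)."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    return not any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def is_exempt(record):
    """LISTSERV-bound mail and mail from K-State Online are not monitored.
    The 'source' and 'to_list' fields are hypothetical log fields."""
    return record["source"] == "kso" or record.get("to_list", False)

def flag_accounts(records):
    """Return {(sender, day): (external, total)} for accounts meeting both conditions."""
    counts = defaultdict(lambda: [0, 0])          # [external, total]
    for r in records:
        if is_exempt(r):
            continue
        c = counts[(r["sender"], r["day"])]
        c[1] += 1
        # Assumption: a message is external if any recipient is external.
        if any(is_external(a) for a in r["rcpt"]):
            c[0] += 1
    return {k: (ext, tot) for k, (ext, tot) in counts.items()
            if ext > EXTERNAL_PER_DAY and ext / tot >= EXTERNAL_SHARE}

def sample_records():
    """Constructed sample data, not real K-State logs."""
    day = "2012-03-20"
    def msg(sender, rcpt, source="zimbra", to_list=False):
        return {"sender": sender, "day": day, "rcpt": [rcpt], "source": source, "to_list": to_list}
    recs = []
    # alice: 1,600 external + 400 internal -> 80% external, over 1,500: flagged
    recs += [msg("alice", f"u{i}@example.com") for i in range(1600)]
    recs += [msg("alice", f"s{i}@ksu.edu") for i in range(400)]
    # bob: 1,600 external but 2,000 internal -> 44% external: not flagged
    recs += [msg("bob", f"u{i}@example.org") for i in range(1600)]
    recs += [msg("bob", f"s{i}@k-state.edu") for i in range(2000)]
    # carol: exactly 1,500 external -> does not exceed 1,500: not flagged
    recs += [msg("carol", f"u{i}@example.net") for i in range(1500)]
    # dave: 3,000 messages, all to a LISTSERV list -> exempt
    recs += [msg("dave", "news-l@lists.example.com", to_list=True) for _ in range(3000)]
    return recs

if __name__ == "__main__":
    for (sender, day), (ext, tot) in flag_accounts(sample_records()).items():
        print(f"{day} {sender}: {ext}/{tot} external - possible compromised account")
```

The domain check matches on a full label boundary, so a lookalike such as `evilksu.edu` is still counted as external.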
Once again, K-State students, faculty, and staff are the target for spammers trying to trick you into divulging your eID and password in order to compromise your K-State e-mail account and use it to send more spam to thousands of others. Numerous instances of these scams have cropped up this week. This is a reminder that K-State will never ask for your password in an e-mail. For additional information on IT security, see the Jan. 20 InfoTech Tuesday article, “Five Things You Need to Know about IT Security at K-State.”
Over the last several weeks, an e-mail has been received by K-Staters telling recipients that if they contact the sender, they will receive a “very cheap” Macbook. I hate to be the bearer of bad news, but it’s a scam.
Take a look at the e-mail and note some of the factors that should alert you to these kinds of scams.