US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:
If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Report the attack to the police and file a report with the Federal Trade Commission.
- Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.
Kathleen Adams will present “Phishing – not just for days at the lake” at 3 p.m., May 11, via Zoom. Join this session to learn about what happens when a phishing scam hits K-State. So far this year there have been 471 phishing scams reported and 175 compromised eIDs. Phishing is a very serious problem; join the discussion to learn what you can do to protect yourself. Topics include:
- Identifying types of phishing scams
- Sending phishing scams to K-State’s abuse email team with precision
- Learning what we do to take down a phishing scam
- Discovering what happens if an account gets compromised
- Protecting your account from being compromised
Join the session at ksu.zoom.us/j/738417925. Visit the Tech Tips Live! website for information about the series and to view videos of previous sessions.
Attention, K-State faculty, staff, and students.
Since the start of the spring 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 10 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.
THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.
Abide by this simple rule and you will be safe from these scams and others: NEVER provide your password to anyone in response to an email!
Continue reading “Warning: Increase in phishing scam emails trying to steal K-State eID passwords”
Wednesday, Sept. 9, is the fall-semester deadline for changing passwords on K-State eIDs. This mandatory password change each fall and spring provides more security by preventing long-term use of the same password. That’s also why K-State eID passwords cannot be reused within a two-year period. Passwords must be changed on individual eIDs as well as group eIDs.
New this fall: Passwords can now be 7-30 characters long (minimum is still seven characters). All other criteria remain the same. See the Password FAQs for details (plus tips for choosing a good password).
Other password points you need to know: Continue reading “Longer eID passwords, Sept. 9 deadline, and tips”
Over the past month, K-State was hit by three different attacks using scam e-mails that contained malicious attachments. In the first round, which started July 13, more than 100 K-Staters were tricked into opening the attachments, resulting in at least 113 infected campus computers.
The compromised computers were turned into spam e-mail servers that sent thousands of the same malicious e-mails to people all over campus and the world. In fact, the malware used address books from local e-mail clients on the infected computers to harvest the e-mail addresses it used, which explains why so many people got so many copies at K-State.
Continue reading “Why recent malicious e-mails with attachments were so effective”
Once again, K-State students, faculty, and staff are the target for spammers trying to trick you into divulging your eID and password in order to compromise your K-State e-mail account and use it to send more spam to thousands of others. Numerous instances of these scams have cropped up this week. This is a reminder that K-State will never ask for your password in an e-mail. For additional information on IT security, see the Jan. 20 InfoTech Tuesday article, “Five Things You Need to Know about IT Security at K-State”.
In recent months, K-State has experienced a rash of compromised campus computers used by hackers to send tens or hundreds of thousands of spam messages to the Internet. Besides the embarrassment of having K-State labeled as a source of spam, some of these instances have resulted in K-State being placed on spam block lists where all e-mail from K-State is blocked. To remedy this problem, K-State intends to start blocking the protocol used to deliver e-mail off-campus on three selected portions of the network that typically have the largest percentage of compromised computers — the campus wireless network, and both the wired and wireless networks in the residence halls. This will only affect computers on these three segments of the campus network. All other network segments, including the guest wireless network (SSID=k-state.guest), will be unaffected.
This will take effect during the break between the fall and spring semesters. All students living in the residence halls will be notified about the change before they leave at the end of the fall semester. Continue reading “SMTP to be blocked on residence-hall networks and campus wireless”
A recent article in the New York Times reported that the people responsible for the “Antivirus XP 2008” scam and its successor “Antivirus XP 2009” can theoretically make as much as $5 million a year. This type of scam, often referred to as “scareware,” tries to trick the user into buying fake antivirus software by scaring them with false reports of infections. A naive user panics when the warnings pop up on their computer and hands over $49.95, thinking they will get software to disinfect their computer. Instead, all they get is a smaller bank account, a computer that is very difficult to repair, and a lesson learned the hard way.
Continue reading ““Antivirus XP 2008” scareware a lucrative “business””
K-State has now had at least 116 people reply to spear phishing scam e-mails since January 2008 and divulge their eID password to criminals. It is imperative that people learn to recognize scams to protect themselves and the K-State information entrusted to their care.
SonicWALL has produced an excellent 10-question “Phishing and Spam IQ Quiz” to help people learn how to differentiate between scams and legitimate e-mails. The quiz displays 10 different e-mails and has you decide whether each is legitimate or a phishing scam. At the end, it compares your answers to the correct ones and provides an explanation for each e-mail message. Continue reading ““Phishing and Spam IQ Quiz” helps people recognize e-mail scams”