Kansas State University


IT News

Tag: scams

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.

Beware: tis the season for holiday scams

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.

Tech Tips Live! May 11: Phishing – not just for days at the lake!

Kathleen Adams will present “Phishing – not just for days at the lake” at 3 p.m., May 11, via Zoom. Join this session to learn about what happens when a phishing scam hits K-State. So far this year there have been 471 phishing scams reported and 175 compromised eIDs. Phishing is a very serious problem; join the discussion to learn what you can do to protect yourself. Topics include:

  • Identifying types of phishing scams
  • Sending phishing scams to K-State’s abuse email team with precision
  • Learning what we do to take down a phishing scam
  • Discovering what happens if an account gets compromised
  • Protecting your account from being compromised

Join the session at ksu.zoom.us/j/738417925. Visit the Tech Tips Live! website for information about the series and to view videos of previous sessions.

Warning: Increase in phishing scam emails trying to steal K-State eID passwords

Attention, K-State faculty, staff, and students.

Since the start of the spring 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 10 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.

THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.

Abide by this simple rule and you will be safe from these scams and others:  NEVER provide your password to anyone in response to an email!


Five things you need to know about IT security at K-State

Thousands of new faculty, staff, and students have arrived and a new semester has begun, so it is time to remind everyone of their personal responsibility in protecting themselves online and keeping K-State information and technology safe. To quote IT security experts, “the Internet is a bad neighborhood,”* and based on the number of security incidents at K-State thus far in 2009, it’s getting worse. You can still function safely online, though, if you take the time to learn about security and “think before you click.” Here are five things you need to know about IT security at K-State:

  1. Never give your password to anyone in an e-mail message. K-State has been plagued by more than 200 instances of e-mail scams over the last year that try to trick people into replying with their eID password (yes, that’s nearly one per day). In fact, thus far in 2009, nearly 300 K-Staters have had their eID password stolen this way. If you remember this one simple rule, you can avoid becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.

Longer eID passwords, Sept. 9 deadline, and tips

Wednesday, Sept. 9, is the fall-semester deadline for changing passwords on K-State eIDs. This mandatory password change each fall and spring provides more security by preventing long-term use of the same password. That’s also why K-State eID passwords cannot be reused within a two-year period. Passwords must be changed on individual eIDs as well as group eIDs.

New this fall: Passwords can now be 7-30 characters long (minimum is still seven characters). All other criteria remain the same. See the Password FAQs for details (plus tips for choosing a good password).

Other password points you need to know:

Why recent malicious e-mails with attachments were so effective

Over the past month, K-State was hit by three different attacks using scam e-mails that contained malicious attachments. In the first round, which started July 13, more than 100 K-Staters were tricked into opening the attachments, resulting in at least 113 infected campus computers.

The compromised computers were turned into spam e-mail servers that sent thousands of the same malicious e-mails to people all over campus and the world. In fact, the malware used address books from local e-mail clients on the infected computers to harvest the e-mail addresses it used, which explains why so many people got so many copies at K-State.


Reminder: K-State will never ask for your password in an e-mail

Once again, K-State students, faculty, and staff are the target for spammers trying to trick you into divulging your eID and password in order to compromise your K-State e-mail account and use it to send more spam to thousands of others. Numerous instances of these scams have cropped up this week. This is a reminder that K-State will never ask for your password in an e-mail. For additional information on IT security, see the Jan. 20 InfoTech Tuesday article, “Five Things You Need to Know about IT Security at K-State.”

SMTP to be blocked on residence-hall networks and campus wireless

In recent months, K-State has experienced a rash of compromised campus computers used by hackers to send tens or hundreds of thousands of spam messages to the Internet. Besides the embarrassment of having K-State labeled as a source of spam, some of these instances have resulted in K-State being placed on spam block lists where all e-mail from K-State is blocked. To remedy this problem, K-State intends to start blocking the protocol used to deliver e-mail off-campus on three selected portions of the network that typically have the largest percentage of compromised computers — the campus wireless network, and both the wired and wireless networks in the residence halls. This will only affect computers on these three segments of the campus network. All other network segments, including the guest wireless network (SSID=k-state.guest), will be unaffected.

This will take effect during the break between the fall and spring semesters. All students living in the residence halls will be notified about the change before they leave at the end of the fall semester.

“Antivirus XP 2008” scareware a lucrative “business”

A recent article in the New York Times reported that the people responsible for the “Antivirus XP 2008” scam and its successor “Antivirus XP 2009” can theoretically make as much as $5 million a year. This type of scam, often referred to as “scareware,” tries to trick the user into buying fake antivirus software by scaring them with false reports of infections. A naive user panics when the warnings pop up on their computer and hands over $49.95, thinking they will get software to disinfect their computer. Instead, all they get is a smaller bank account, a computer that is very difficult to repair, and a lesson learned the hard way.


“Phishing and Spam IQ Quiz” helps people recognize e-mail scams

K-State has now had at least 116 people reply to spear phishing scam e-mails since January 2008 and divulge their eID password to criminals. It is imperative that people learn to recognize scams to protect themselves and the K-State information entrusted to their care.

SonicWALL has produced an excellent 10-question “Phishing and Spam IQ Quiz” to help people learn how to differentiate between scams and legitimate e-mails. The quiz displays 10 different e-mails and has you decide whether each is legitimate or a phishing scam. At the end, it compares your answers to the correct ones and provides an explanation for each e-mail message.