Kansas State University

IT News

Tag: spear phishing scam

Six things you need to know about IT security at K-State

K-State broke a record in 2010, but it is not a record to be proud of: 445 K-Staters were tricked into giving away their passwords to criminals in response to spear-phishing scam e-mails. The criminals then used the stolen information to sign in to webmail and send thousands of spam messages.

Obviously, the first thing on this semester’s top-six security list must be:

  1. Never give your password to anyone in an e-mail message! K-State was plagued by 406 instances of phishing scams in 2010 (compared to 296 in 2009) that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can prevent becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an email with a link to a web form that asks you to fill in your username and password – don’t do it!

Six things you need to know about IT security at K-State

Thus far in 2010, 292 K-Staters have been duped by spear-phishing scam e-mails and given away their eID password to criminals who then use the stolen information to sign in to webmail and send thousands of spam messages. Sadly, we’re on pace to break last year’s record of 431 K-Staters who gave away their passwords in this way.

Obviously, the first thing on this semester’s top-six security list must be:

  1. Never give your password to anyone in an e-mail message! K-State was plagued by nearly 300 instances of phishing scams in 2009 (and 260 thus far in 2010!) that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can prevent becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an email with a link to a web form that asks you to fill in your username and password – don’t do it!
  2. Learn to recognize scams, frauds, and other forms of malicious communications so you don’t become a victim of identity theft, financial fraud, or end up with a compromised computer. Criminals are using all kinds of new tricks and coming at you from all angles — e-mail, social networking sites like Facebook and Twitter, malicious links on webpages, Instant Messaging, phone calls, and even knocking on your door. As an example, last year more than 230 K-Staters were tricked into opening malicious e-mail attachments, resulting in 230+ compromised computers. Be informed and think before you click!

Dangerous phishing scam hits K-Staters' e-mail

Many K-Staters received a spear phishing scam e-mail on Monday that is particularly dangerous because it seems to refer to upcoming changes in K-State’s e-mail, appears to be from K-State’s IT Help Desk, and asks for your K-State eID and password. The criminals responsible for these scams have obviously done their homework to make the message appear legitimate. But it is not — it is a scam that is trying to steal your eID password, log in to your Webmail account, and use it to send spam.

As always, though, you can remember this one simple rule and be safe from this type of scam: K-State IT support staff will NEVER ask for your password in an e-mail!

To help you recognize this and other scams like it, the headers of the scam message are:

From: “ITS Help Desk” <helpdesk@ksu.edu>
To: undisclosed-recipients:;
Sent: Sunday, April 4, 2010 6:49:32 PM GMT -06:00 US/Canada Central
Subject: Scheduled Service Maintenance

Spring 2010: Five things you need to know about IT security at K-State

In 2009, 431 K-Staters were duped by spear-phishing scam e-mails and gave away their eID password to criminals, who then used the stolen information to sign in to webmail and send hundreds of thousands of spam messages. Obviously, the first thing on this semester’s top-five security list must be:

  1. Never give your password to anyone in an e-mail message. K-State was plagued by nearly 300 instances of e-mail scams in 2009 that try to trick people into replying with their eID password. It has not slowed down in 2010. If you remember this one simple rule, you can prevent becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.

Five things you need to know about IT security at K-State

Thousands of new faculty, staff, and students have arrived and a new semester has begun, so it is time to remind everyone of their personal responsibility in protecting themselves online and keeping K-State information and technology safe. To quote IT security experts, “the Internet is a bad neighborhood,”* and based on the number of security incidents at K-State thus far in 2009, it’s getting worse. You can still function safely online, though, if you take the time to learn about security and “think before you click.” Here are five things you need to know about IT security at K-State:

  1. Never give your password to anyone in an e-mail message. K-State has been plagued by more than 200 instances of e-mail scams over the last year that try to trick people into replying with their eID password (yes, that’s nearly one per day). In fact, thus far in 2009, nearly 300 K-Staters have had their eID password stolen this way. If you remember this one simple rule, you can prevent becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.

64 spear phishing scams and counting

Thus far in 2009, K-State has been the target of at least 64 different spear phishing scams that attempt to steal eID passwords, and at least 41 people have replied to the scams with their password. Of those 41 replies, 37 are known to have been used by criminals to log in to K-State’s WebMail system and send spam. That means K-State is averaging about two new scams every three days and one compromised WebMail account every two days. The latest compromised eID resulted in someone logging into K-State’s WebMail from the island nation of Mauritius and sending spam from the K-State e-mail servers. Besides the embarrassment of contributing to the worldwide scourge of spam, this has resulted in K-State getting put on spam blocklists for the likes of Hotmail, MSN, and Comcast.

K-Staters are probably tired of hearing this – IT support staff will never ask for your password in an e-mail. Follow that simple rule, and you will not become a victim of these scams.

17+ K-State eID passwords stolen in e-mail scams

The crooks are at it again — in the past week, scam e-mails have tricked at least 17 K-Staters into giving their eID password to criminals, who then log into WebMail with the stolen account information and send thousands of spam messages to the world.

This is a reminder to NEVER provide your password in an e-mail to anyone under any circumstances!

This simple rule will prevent you from becoming a victim of these scams and will help keep K-State off spam block lists, since e-mail service providers will block all e-mail from K-State when they see thousands of spam messages coming from WebMail. Furthermore, K-State IT support staff will NEVER ask for your password in an e-mail, nor will any legitimate business. If you ever get an e-mail asking for your password, personal identity information, or financial account information, you can assume it is a fraud and delete it.

eID passwords stolen by spear phishing scams again

One year after receiving the first spear phishing scam, K-Staters have received a flood of new ones in the last week. At least four people have given their eID password to criminals by replying to the scams. In three cases, the criminal(s) used the eID and password to log in to K-State’s Webmail and send thousands of spam messages to off-campus sites, thus making K-State appear to be a source of spam and putting it at risk of being blocked by major e-mail providers like Hotmail and Gmail.

Remember one simple rule to avoid being a victim of this type of scam: K-State IT support staff will NEVER ask you for your password in an e-mail. Nor would any legitimate business. Thus if you get any kind of e-mail that asks you to reply with your password, just delete it.

Five things you need to know about IT security at K-State

A new semester has begun, so it is time to remind everyone of their personal responsibility in helping protect themselves online and keep K-State information and technology safe. To quote IT security experts, “the Internet is a bad neighborhood,”* and based on the number of security incidents at K-State in 2008, it’s getting worse. You can still function safely online, though, if you take the time to learn about security and “think before you click.” Here are five things you should know about IT security at K-State:

Digital grinches try to steal holiday joy

While Santa was busy spreading holiday cheer and most K-Staters were enjoying a welcomed break, evil grinch hackers were busy trying to rob people of their digital happiness: