Identifying and Responding to a scam
How do I identify an email scam?
With all the spams, scams, and strange e-mail arriving these days, it's hard to tell what's real and what isn't.
Here's a handful of basic, common-sense ways to check your e-mail. Some of these points may not be indicators by
themselves (we all have bad spelling and grammar sometimes), but when you start adding them up they can be a
great indicator of a scam.
- Be skeptical about everything in your e-mailbox.
Don't make exceptions, not even for e-mail apparently from friends or family. (Any e-mail address can be easily
copied, forged, or mass-distributed.)
- Watch for misspellings, poor grammar, or unusual forms of words.
There are a variety of ways this may be apparent. Misspellings and poor grammar are generally tell-tale signs that the
email is a scam written by someone for whom English is not their first language. Some things that might stand out are
the use of Ksu instead of KSU or K-State, finding sentences that don't make sense at all, or finding words that are
used out of context.
- Pay close attention to the sender of the email and who you're replying to.
- First: Did the email come from a K-State address? If the email didn't originate from someone
@ksu.edu or @k-state.edu then there's a good chance that it's a scam.
- Second: Where do the replies to the email go? Look for the words "Reply-to:" in the header;
if the address there is different from the "From:" address, then the email is likely to be a scam.
- Be highly suspicious of e-mail that tells you to send copies to others.
By definition, these messages are also chain letters and are banned by K-State's
Information Technology Usage Policy.
- Check full e-mail headers on questionable e-mail.
The Received line shows the route the e-mail took to get to you. (For details on how to do this, contact the IT Help
Desk, 532-7722, helpdesk@ksu.edu.)
- Check a reliable, reputable website that documents viruses, hoaxes, scams, and/or fraud.
Good sites include:
- Do a quick search on google.com or another major search engine.
Search for the subject of the e-mail or the file being warned about, such as "jdbgmgr.exe". You'll be surprised how much
information you find.
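The sender and "Reply-to:" checks from the list above, together with reading the Received route, written out as a short Python sketch. This is an added example, not part of K-State's page; the sample message, its hostnames and addresses, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Domains the page names as K-State addresses.
KSTATE_DOMAINS = {"ksu.edu", "k-state.edu"}

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def check_message(raw):
    """Return (warnings, received_hops) for a raw e-mail message."""
    msg = message_from_string(raw)
    warnings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # First sign: the sender is not at a K-State domain.
    if domain_of(from_addr) not in KSTATE_DOMAINS:
        warnings.append("sender-not-kstate")
    # Second sign: replies are diverted to a different mailbox.
    reply_to = [a.lower() for _, a in getaddresses(msg.get_all("Reply-To", [])) if a]
    if any(a != from_addr for a in reply_to):
        warnings.append("reply-to-differs")
    # Each server prepends its Received line, so the first one listed is the
    # hop closest to you; reverse the list to read the route in order.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    return warnings, hops

# Constructed sample: a forged K-State "From:" with replies sent elsewhere.
SAMPLE = """\
Received: from mx.ksu.example by inbox.ksu.example; Tue, 1 Jan 2030 10:00:05 -0600
Received: from unknown-host.example by mx.ksu.example; Tue, 1 Jan 2030 10:00:01 -0600
From: "KSU Helpdesk" <eid-notice@ksu.edu>
Reply-To: account-verify@mail.example
To: student@ksu.edu
Subject: Your eID password expires today

Reply with your eID and password to keep your account.
"""

if __name__ == "__main__":
    warnings, hops = check_message(SAMPLE)
    print("warnings:", warnings)
    for i, hop in enumerate(hops, 1):
        print(f"hop {i}: {hop}")
```

An empty warning list does not prove a message is genuine, since the "From:" address can be forged; the sample passes the sender check and is caught only by the "Reply-to:" comparison.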
What do I do if I already responded to a scam?
K-State is constantly targeted by spear phishing attacks that try to trick people into divulging their eID password.
If you replied to any of these scam e-mails and provided your password, take the following steps immediately:
- Change your password
Log in to your eID profile and change your password right away. Most of the time, scammers won't use your address immediately, so sometimes just changing your password quickly can stave off the attack.
- Check your WebMail configuration for changes
Be sure to pay close attention to things like the "Reply-to:" address and your signature block. Scammers will change the information in these so that when they use your address to send scam emails, the replies go to an address that they have better access to.
- Contact the IT Security Team
Email us as soon as you think there's been a breach so we can determine if your eID was misused in any way. If you think you have been compromised, send an email to: Security@K-State.edu. If you have identified a scam email that you have not replied to, send it to abuse@k-state.edu.
The criminals are getting better at making their scams appear legitimate. Some of them even reference "K-State eids" and appear to be sent from the "KSU Helpdesk," but we assure you that they are not. So, don't feel embarrassed if you have fallen for one of these scams. Please report it to us as soon as possible, so we can ensure that all of the necessary steps are being taken to safeguard you and your fellow computer users.