Phishing and other cybercrimes
Cybercrime is any criminal act that involves a computer or other network connected device, the Internet, or computer technology. The two most common types of cybercrime are phishing scams and malware.
Phishing is a way cybercriminals try to trick you into sharing personal information, such as passwords or credit card, social security, and bank account numbers, by sending you fradulent emails or directing you to a fake website.
Phishing emails are designed for trickery and appear to be from legitimate organizations like K-State, PayPal, FedEx, your bank, or a government agency. The emails request updates, or confirmation of account information, often suggesting there is a problem. You're then redirected to a fraudulent site and tricked into entering account information, which can result in compromising your account(s) or even identity theft. Don't take the bait!
K-State and legitimate businesses will NEVER ask for your account, personal, or financial information by email.
Signs it's a scam
Learn to recognize a phishing scam and help protect yourself from identity theft.
- Urgent or threatening tone.
- Email address doesn't match sender's name.
- Unexpected attachments.
- Generic greeting.
- Typos, misspellings, and improper grammar.
- Fake web addresses made to look legitimate.
- Link text and destination differ when hovered over.
If you think you've fallen for a phishing scam
- Change your password immediately.
- Turn off your computer and alert your system administrator, who will check to determine if any malware has been put on your machine and remove it. If you don't have a system administrator, contact the IT Help Desk at 785-532-7722.
- Check whether your e-mail forwarding has been changed.
- From your eProfile page, check your alternate email address to ensure it hasn't been changed.
- Check your eID password-reset options to verify they haven't been changed.
- If you use similar passwords on other accounts (bank account, healthcare, retirement, etc.) change those passwords as well.
- For the next year, review your bank and credit card statements to check for suspicious activity. Change passwords on all relevant accounts.
NOTE: Cybercriminals will sometimes hold personal identity information and use it much later.
- Check your "Sent" and "Drafts" email folders to see if your account has been used to send additional scams to other people. Delete any emails in "Drafts" to keep them from being sent, and notify recipients of any "Sent" emails that your previous email was a scam. Use some method other than email to notify those people.
- Don't reply to suspicious, unexpected, or strange email.
- Be wary of email with urgent requests for your personal or financial information, or your sign in credentials.
- Don't open unexpected or unusual attachments, attachments from strangers, or strange looking emails.
- Don't click links in unexpected emails, emails you suspect are fraudulent, or if you don't know the sender.
- Don't click Sign In links. Go to the business website and sign in there, or contact their customer service for help.
- Avoid filling out forms in email messages that ask for financial information. Only share credit card information via secure website or telephone.
Malware is short for malicious software and is used as a catch-all term to refer to any software that causes damage to a computer, server, or computer network. Malware on your computer could lead to:
- theft of personal information
- spam being sent to other computer users worldwide
- your computer running more slowly
- your computer crashing more often and taking longer to start up
- the use of valuable computer memory and hard disk space
- the alteration of your computer's settings from what the manufacturer intended
While many of these dangers can render a computer or the data on it useless, there are ways to mitigate the damage, and in many cases to stop the attack before it becomes a problem.
Types of malware
A malicious program that usually requires some action on the part of a user in order to infect a computer; for example, opening an infected attachment or clicking on a link in a rigged email may trigger a virus to infect your computer.
Self-replicating malware that, for instance, hunts down unprotected computers and recruits them for criminal or other malicious purposes. Unlike a virus, worms do not require any action on your part in order to infect your computer.
A Trojan horse, in software terms, refers to a malicious piece of software that is hidden inside an apparently useful and innocent application. Users systems generally become infected by trojan horses when they install software or a fake "patch" from an Internet download or an email attachment.
Spyware and adware are small software programs that get stored on your computer without your permission, usually when you visit a website, sign up for "free" mailings, or download "free" software. These programs Data Mine, or gather information about your computer use, web browsing, online purchasing and send it to sites that may sell it to others.
Rootkits are designed to give an attacker "root" or administrative access to a victim's computer. With root access, an attacker can perform a variety of tasks on the computer including browsing the infected computer's hard drive, making new user accounts or changing existing ones, or even using the computer's network connection for nefarious purposes.
- Install K-State's antivirus software - All K-Staters are required to use K-State's antivirus software. It is available to faculty, staff, and students at no charge for campus and home use.
- Install critical software updates - Microsoft Windows Update for PCs; Apple Support Downloads for Mac.
- Install anti-spyware software and ensure that it is kept up-to-date.
- Be cautious of email attachments - never open unexpected attachments.