September 23, 2014
Increase in phishing-scam emails trying to steal K-State eID passwords
The beginning of every semester, K-State sees a significant increase in the number of phishing-scam emails trying to steal eID passwords. These emails try to trick K-Staters into providing their eID and password to criminals under the guise of "false emergency" emails, including:
- "Upgrade your webmail account!"
- "Your mailbox storage limit is full!"
- "Your data/photos/etc. will be lost!"
These are all scams. K-State Information Technology Services staff will never ask for your password in an email. Do not reply to these scam emails, or click on a link in email and fill out a form with your eID and password. Abide by one simple rule and you will be safe from these scams and others:
Never provide your password to anyone in response to an email!
If a scammer gets your eID password, they can access, control and damage your K‑State resources, including these and others that may contain personal identity details:
- Email/webmail account
- HRIS employee information system
- iSIS student information system
- Wireless campus networks
- K-State Online
Stolen eIDs and passwords can be used to sign in to K-State's email and send thousands of spam messages to people around the world. As a result, K-State gets placed on spam block lists where email services like hotmail.com, msn.com and comcast.net temporarily reject all email from K-State.
Last week, Qualtrics reported that a scam was used to obtain credentials and send out more than a million surveys. A K-Stater fell prey to this scam, and their account attempted to send out more than 5,000 surveys. It was locked by Qualtrics. Scam emails arrive at K-State daily and appear legitimate. Recent examples of scam emails received at K-State are posted on K-State's IT Security Threats blog.
- Don't be fooled. Delete anything that asks for your password.
- If you have responded to an email scam, go to eid.k‑state.edu immediately and change your password so your credentials won't be used for malicious purposes.
- Learn how to recognize many kinds of scams by visiting K‑State's email threats website.
- If you doubt the legitimacy of an email, ask your K-State IT support person or contact the IT Help Desk, 785-532-7722, firstname.lastname@example.org.