1. Kansas State University
  2. »Division of Communications and Marketing
  3. »K-State Today
  4. »Increase in phishing-scam emails trying to steal K-State eID passwords

K-State Today

September 23, 2014

Increase in phishing-scam emails trying to steal K-State eID passwords

Submitted by Information Technology Services

Don't take the bait! K-State will never ask for your password in an email

The beginning of every semester, K-State sees a significant increase in the number of phishing-scam emails trying to steal eID passwords. These emails try to trick K-Staters into providing their eID and password to criminals under the guise of "false emergency" emails, including:

  • "Upgrade your webmail account!"
  • "Your mailbox storage limit is full!"
  • "Your data/photos/etc. will be lost!"

These are all scams. K-State Information Technology Services staff will never ask for your password in an email. Do not reply to these scam emails, or click on a link in email and fill out a form with your eID and password. Abide by one simple rule and you will be safe from these scams and others: 

Never provide your password to anyone in response to an email! 

If a scammer gets your eID password, they can access, control and damage your K‑State resources, including these and others that may contain personal identity details:

  • Email/webmail account
  • HRIS employee information system
  • iSIS student information system
  • Wireless campus networks
  • K-State Online

Stolen eIDs and passwords can be used to sign in to K-State's email and send thousands of spam messages to people around the world. As a result, K-State gets placed on spam block lists where email services like hotmail.com, msn.com and comcast.net temporarily reject all email from K-State.

Last week, Qualtrics reported that a scam was used to obtain credentials and send out more than a million surveys. A K-Stater fell prey to this scam, and their account attempted to send out more than 5,000 surveys. It was locked by Qualtrics. Scam emails arrive at K-State daily and appear legitimate. Recent examples of scam emails received at K-State are posted on K-State's IT Security Threats blog.

  1. Don't be fooled. Delete anything that asks for your password.
  2. If you have responded to an email scam, go to eid.k‑state.edu immediately and change your password so your credentials won't be used for malicious purposes.
  3. Learn how to recognize many kinds of scams by visiting K‑State's email threats website.
  4. If you doubt the legitimacy of an email, ask your K-State IT support person or contact the IT Help Desk, 785-532-7722, helpdesk@k-state.edu.