Kansas State University

search

IT News

Password-stealing e-mail scams are back!

Not surprisingly, last Friday saw the return of a spear phishing e-mail scam that tries to steal K-Staters’ eID passwords by tricking them into replying to a bogus e-mail pretending to be from the “THE KSU HELP DESK <hlpdsk@ksu.edu>”.  What is surprising is that at least six K-Staters were duped by the scam and replied to the e-mail, thereby giving their eID password to criminals who promptly used the stolen credentials to sign in to K-State’s WebMail system and send large amounts of spam. This resulted in e-mail from K-State being temporarily blocked by Hotmail over the weekend.

Thus, a repeat of past warnings is warranted: K-State IT support staff will NEVER ask for your password in an e-mail! Nor will any reputable company. If you receive an e-mail asking for your password, assume it is a scam and delete it.

A copy of the scam e-mail from Sept. 5, along with dozens of other scams targeting K-State, is available on K-State’s IT security website.  Hints on how to recognize a scam are also available.

Share this post:

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer