Phishing scams compromise 367 K-State accounts in first 6 weeks of 2017


When it doubt, don’t give it out.

If students only remember one thing about phishing scams, that is what Rebecca Gould, director of the Information Technology Assistant Center (iTAC), wishes they would remember.

“Scammers are getting more sophisticated,” Gould said. “The scams sent out have the look and feel of a real email, and people are responding.”

According to the K-State IT Help Desk, there were 313 compromised accounts connected to people at K-State in January 2017, compared to only nine compromised accounts in January 2016.

As of Feb. 7, 54 accounts of K-State individuals have been compromised in just the first week of February.

“A compromised account means someone has shared their info inappropriately,” Gould said. “It can be through phone or over email.”

The 367 compromised accounts connected to K-State mean 367 individuals shared their K-State eID and password with scammers.

Jeopardizing university access to resources

In a K-State Today update sent to all students on Feb. 6, students were told K-State and other universities are being targeted by scammers to capture student credentials in order to illegally obtain access to licensed and copyrighted material from libraries’ electronic resources.

“Too many of these breaches mean K-State could lose access permanently to valuable electronic research,” the release states.

Lori Goetsch, dean of K-State Libraries, said in the statement that iTAC will never ask for passwords in an email.

“We have to be diligent to avoid falling prey to these phishing scams,” Goetsch said.

Preventative actions

In order to reduce the number of accounts compromised, Gould said iTAC is working to ensure there is less risk to students, faculty and staff of K-State.

“We’re fine-tuning the email rules that allow emails to go through our filtering system,” Gould said. “If they get through, we’re evaluating the process in removing these emails from inboxes.”

Gould said since many students do not check their emails daily and may not respond to a phishing email until day three, this would give iTAC time to remove those scams before individuals even had the chance to respond and give out their information.

“One of our long-term goals is to make it so it won’t be so easy to access our system,” Gould said.

Be discerning

“Typically the busiest times of the academic semester are when phishers are trying to get information from our students,” Gould said. “Students are tired, they’re thinking of other things, so why not put their credentials into that email? If they look phishy, delete them.”

Hi, I'm Kaitlyn Alanis, former news editor for the Collegian and a May 2017 graduate in agricultural communications and journalism. I have never tried a hamburger and I hate the taste of coffee, but I love writing stories and sharing what I learn with our readers. By writing for the Collegian, I can now not only sing along when the K-State Band plays "The Band is Hot," but I also know that most agriculture students did not grow up on a farm, how to use an AED to save someone's life and why there is a bust of MLK Jr. outside of Ahearn Field House. Thanks for reading!