K-State IT security analyst recommends ‘informed userbase’ to prevent phishing scams

Cybercriminals employ various methods to attempt to gain access to K-State's secure network, including trying to phish users' credentials. (George Walker | Collegian Media Group)

Automatic measures protect Kansas State students from thousands of email scams every day, but some still make it through.

A phishing scam is an email that seeks to trick recipients into turning over passwords and other information that could be used against them. Someone may get an email about a job offer that, when pursued, ends with the “employer” asking for a large amount of personal information over email, or they could get an email from someone posing as a faculty member who needs their password.

“Attackers could have any number of motivations,” Josh McCune, a K-State IT security analyst, said. “One of the most frequent uses we see of compromised credentials is the propagation of additional scams; using a ksu.edu account to phish other ksu.edu accounts bypasses some of the spam protection that we have in place.”

He said ksu.edu emails are targeted because they can be used to get research data, a common goal of many phishing scams.

Jordan Bauman, IT Help Desk worker and sophomore in management information systems, said phishers commonly attach an “alternative email” to send and receive messages. Bauman said this method allows scammers to use an email without its owner even knowing that it is being used and has led to rerouting financial aid in very rare cases.

K-State isn’t letting these phishing scam emails just slip by. McCune said many emails are filtered and a majority of harmful emails won’t even be seen. On Sept. 12 alone, more than 139,000 emails and even more IP addresses were blocked from K-State’s Outlook server.

McCune said these emails and IP addresses are blocked through firewalls — scripts that delete scam emails — and targeted blocking of compromised accounts. They also flag emails that may be malicious.

“K-State applies warning banners on emails that contain the words ‘gift card’ because we’ve seen a lot of gift card scams,” Vernon Turner, IT manager, said.
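As an added illustration, not code from K-State IT or the Collegian, the following Python sketch shows how a mail filter could implement the kind of “gift card” warning-banner rule Turner describes, using only the standard library's email parser. The X-Scam-Warning header name, the banner wording and the two sample messages are constructed for this example.

```python
"""Illustrative 'gift card' warning-banner rule (constructed example, not K-State's code)."""
import re
from email import message_from_bytes, policy

# Catches the phrase in the loose spellings scammers use: "gift card", "gift-card", "giftcards".
GIFT_CARD_RE = re.compile(r"\bgift[\s\-]*cards?\b", re.IGNORECASE)

BANNER = ("[WARNING: This message mentions gift cards, a common scam lure. "
          "Do not buy gift cards or share card codes. If in doubt, forward this "
          "message to abuse@ksu.edu and do not click any links.]\n\n")

def mentions_gift_card(msg) -> bool:
    """True if the Subject or any text/plain or text/html part matches the pattern."""
    if GIFT_CARD_RE.search(msg.get("Subject", "")):
        return True
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            if GIFT_CARD_RE.search(part.get_content()):
                return True
    return False

def apply_banner(raw: bytes):
    """Parse a raw RFC 5322 message. If it matches, add a marker header (hypothetical
    name X-Scam-Warning) and prepend the banner to every text/plain part.
    Returns (flagged, parsed_message)."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not mentions_gift_card(msg):
        return False, msg
    msg["X-Scam-Warning"] = "gift-card-lure"
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            part.set_content(BANNER + part.get_content())
    return True, msg

# Constructed sample lure: the classic "your boss needs gift cards" pretext.
SAMPLE_LURE = (b"From: Dr. Example <dept.chair@example.net>\r\n"
               b"To: student@ksu.edu\r\n"
               b"Subject: Quick favor\r\n"
               b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
               b"Are you available? Please pick up 4 Gift-Cards for a client. Reply ASAP.\r\n")

# Constructed benign message that should pass through untouched.
SAMPLE_BENIGN = (b"From: registrar@ksu.edu\r\nTo: student@ksu.edu\r\n"
                 b"Subject: Enrollment reminder\r\n\r\nEnrollment for spring opens Monday.\r\n")

if __name__ == "__main__":
    flagged, out = apply_banner(SAMPLE_LURE)
    print("flagged:", flagged)
    print(out.get_content())
```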

Preventing phishing scams also relies heavily on students.

“If you believe that you may have been sent a phishing scam, even if you’re not sure, forward it to abuse@ksu.edu and don’t click on any links contained in the message,” McCune said. “That email is used to target, delete and prevent scams like it in the future.”

If an account has definitely been compromised, the owner can also report it to the same email.

“If a student happens to fall for a phishing scam, their eID is locked and their password is scrambled,” Turner said. “The IT Helpdesk will contact the student and get their eID account unlocked and password changed.”

University emails may be attacked more because of the access to research and financial aid, but the IT Helpdesk has a lot of protection in place to correct any problems that may arise. However, the problem may never disappear completely, McCune said.

“Unfortunately I don’t see any way to completely eliminate them,” McCune said. “Every time we take a step toward better detection, the attackers find new ways to evade. While the automated tools certainly prevent a number of scams from making it to inboxes, our best defense is an informed userbase.”

To become informed, McCune and Turner both suggest checking out IT’s website and following K-State IT Status on Twitter.