Phishing scams steal private information from unsuspecting students

Scammers attempt to compromise student accounts through various methods, most notably phishing. (Archive photo illustration by George Walker | The Collegian)

As a new school year begins, scammers attempt to gain access to student’s personal information  by sending out mass messages to student email accounts, Josh McCune, director of Security Intelligence and Operations Center at Kansas State, said.

McCune said this method of scamming, also known as phishing, has deceived many K-State students, compromising their email accounts.

“Phishing refers to any attempt at social engineering to manipulate somebody into giving up secret information,” McCune said.

The main reason why students are affected by phishing scams is because they haven’t been warned about them, McCune said.

Summer Sperke, a sophomore in communications, personally encountered a phishing scam.

“I got this email saying my Outlook was compromised,” Sperke said. “I was super confused. I remember I texted my friends and they all told me it was a scam.”

Sperke said she would have fallen for the phishing without her friends’ advice.

When scammers get student login information, they can use those students’ email accounts to send more scams to other students, McCune said.

“If we identify an account as compromised, we will immediately change the password and turn that over to the help desk, where they will go through and contact the user and validate their identity,” McCune said.

Lydia Gerstner, a freshman in interior design, said she is worried about distinguishing between a phishing scam and a real email from K-State.

“Honestly, if it looked pretty legit, I feel like I would fall for a scam and I feel like other college students would as well,” Gerstner said.

Though phishing scams can be pretty convincing, there are some warning signs students should look for when determining whether an email is legitimate, McCune said.

“Take a close look at the details,” McCune said. “You may have a Word doc attached to an email you weren’t expecting that may have malicious content in it trying to deliver malware. It will often have a generic greeting, like ‘Dear User’, or typos, misspellings, improper grammar, fake web addresses — often you’ll see that the link claims to be going to the page, but when you hover the mouse over it you’ll see that it goes somewhere else entirely.”

According to K-State’s IT News article, common phishing scams may contain headlines urging students to upgrade a webmail account, or have messages stating that their mailbox storage is full. 

For a list of popular phishing scams, visit K-State’s scams page.

Email phishing scams can lead to serious issues such as a compromised bank account, McCune said.

“If [scammers] decide to use your email password to log into your KSIS portal, and instead set up different bank accounts for your financial aid refund, we don’t see it until money’s gone out the door,” McCune said. “Don’t reuse passwords, because if you give up your K-State password, we want that to be your only vulnerability.”

McCune said students should forward phishing scam messages to where a team of analysts will investigate.

For more information regarding phishing scams, visit Cybersecurity at K-State.