shortcut to content
Minnesota State University, Mankato
Minnesota State University, Mankato

Announcement

Page address: http://www.mnsu.edu/news/read/?id=1505827207&paper=security

Personal Safety Alert- Fraud

Fraud 09/19/2017

Earlier today (Monday, 09/18/2017) University Security and ITS Information Security learned that several students had received emails indicating that they should log into their StarID accounts to keep the accounts from deactivating. The emails provided a link to a non-University website that was used to steal usernames and passwords. The recipients of the stolen information changed direct deposit information in E-services, thereby intercepting deposits meant for students. University officials are investigating and following up with any other possible victims.

2017-09-19
Fraud

 Earlier today (Monday, 09/18/2017) University Security and ITS Information Security learned that several students had received emails indicating that they should log into their StarID accounts to keep the accounts from deactivating. The emails provided a link to a non-University website that was used to steal usernames and passwords. The recipients of the stolen information changed direct deposit information in E-services, thereby intercepting deposits meant for students. University officials are investigating and following up with any other possible victims.

If you did not receive an expected deposit, contact the Campus Hub.

If you believe you have clicked an email link to verify your email account or verify your StarID account, change your password immediately using https://starid.minnstate.edu/

Anyone with information about the above incident are urged to call University Security at 507-389-2111 or the Mankato Police at 507-387-8770.

The crime described in this alert is called phishing. Phishing is the term given to communications, usually email, where the attacker tries to fool the target into revealing private information about themselves or their organization. Often claiming to be IT Solutions, the attacker will usually include hyperlinks to malicious websites in the email that appear to be legitimate or include malicious attachments. Simply visiting the URL or downloading the attachment can be enough to compromise your machine.

How does phishing affect me?

If your account is compromised, attackers will often start sending out more phishing emails from your account. This could damage your reputation and decrease the trust others place in your future emails.
Additionally, attackers may be able to compromise any other accounts attributed to that email address. This could include bank accounts, social networking accounts, file backup, remote connection to your computer, and so on.

How can I protect myself from this?

When you receive an email about your account, instead of clicking on the link, open your browser and manually type in the site address. From there, click to your account management and make the changes that need to be made. Because you are going to the site yourself, you can be more confident that you are in the right place.

For more information about phishing, or to report phishing, go to the Minnesota State Mankato ITS Security website (https://link.mnsu.edu/phishing)

Email this article | Permanent link | Security news | Security news archives