Critical Notices

Account data breach: Epik

Epik Accounts Posted Online

On September 13, 2021, the domain registrar and web hosting company, Epik, suffered a data breach. This breach contained data for approximately 15 million Epik and non-Epik customers. Allegedly,...

Posted: September 26, 2021, 9:13 PM

A Phishing Scam With A Malicious Attachment

A Well-Designed Attempt to Gather Your Account and Password

DoIT received a report of a phishing scam that depends on the download and execution of an attachment.  The message, as seen below, appears to come from Joel Avila, the CEO of Edwards Label in...

Posted: September 16, 2021, 8:34 PM

False Payment Scams

A Promise To Return A Payment You Never Made

Recently, DOIT received reports of email messages containing variations on the same financial scam.  Examples are included below.  Both the From and the To addresses are fake.  The recipient is...

Posted: September 16, 2021, 3:19 PM

Summary of Phishing Techniques and Defenses

A Recent Report On Phishing Attacks (And How To Avoid Them)

However you get your news, by now you have seen the term 'phishing' used to describe ways to exploit people on the Internet.  You or someone you know may have been the target of a phishing...

Posted: September 16, 2021, 3:15 PM

Account data breach: Nitro

Digital Document Service Breached

In September 2020, a Portable Document Format(PDF) file and digital document service, Nitro, suffered a data breach. This breach contained data for approximately 78 million customers and was...

Posted: September 14, 2021, 4:04 PM

Account data breach: Romwe

Online Fashion Site Breached

In June 2018, an online fashion website, Romwe, suffered a data breach. This breach has data for approximately 20 million customers. The data was sold online. The customer information includes...

Posted: September 14, 2021, 4:00 PM

Vendor Breaches and Account Compromises

Password Stopped Working? This Might Be Why.

Vendor Breaches and Account Compromises Internet vendors will, at times, suffer data breaches.  Sometimes the service will attempt to contact it’s account holders and other times it won’t. ...

Posted: September 14, 2021, 3:54 PM

Phishing Alert: President Freeman A. Hrabowski impersonator

This Is Not Dr. Hrabowski!

Recently, DOIT received an email from a compromised account at North Central Kansas Technical College(NCKTC) impersonating Dr Hrabowski. The email consisted of a Microsoft word document titled...

Posted: September 13, 2021, 6:28 PM

Email marketing and the User-Agent-String

When What Looks Like Phishing Is Just Spam

Recently, DOIT received multiple reports of suspicious messages about student loans from email addresses with the format <>. The recipients of these messages marked them...

Posted: September 13, 2021, 2:45 PM

Retirement Scams

It's All About Getting You To Click That Link

Recently, the Division of Technology(DoIT) has received phishing reports of scammers impersonating state-licensed retirement support representatives. Below is a copy of such a message. The...

Posted: August 17, 2021, 7:35 PM