Email and Phishing Scams

What is Phishing?


phish·ing
/ˈfiSHiNG/
noun
  1. the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Want to Learn About Spear Phishing Emails?

Check out this training video (2 minutes, 28 seconds) on email phishing and how to protect your personal information and campus data security.

What is Phishing Video

Phishing Emails

Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Spear phishers distribute malware in emails or breach your account to steal personal and organizational information. 91% of data security breaches start with an email attack.

These attacks are easier to spot once you know what to look for. Be on the lookout for the following indicators of a malicious email:

  • Email is from a sender you don't recognize
  • Message is unexpected or unsolicited
  • Sender's organization name doesn't match the email address domain
  • Subject of the email uses emotional topics, urgent deadlines for response, too-good-to-be-true claims, or tries to scare you
  • Contains spelling or grammar mistakes
  • Asks you to download an attachment or enter personal information such as a password or social security number

Phishing vs. Spam

Spam is not the same thing as a phishing email. Spam is unsolicited commercial email, often delivered to a large number of individuals. Phishing is an active attempt to get you to click a dangerous link, download a file infected with malware, or enter personal information such as passwords or social security numbers. Spam can be blocked or deleted, but phishing emails should be reported.

What Can You Do?

Preview emails in Outlook before opening and look for these three elements: 

Attachments

When an attachment comes from someone you don't know or if you weren't expecting the file, make sure it's legitimate before opening it. 

Log-in Pages

Spear phishers will often forge log-in pages to look exactly like the real thing in order to steal your credentials.

Links

Roll your mouse pointer over the link and see if the URL that pops up matches what's in the email message. If they don't match, don't click.

If you see something that looks off, don't open or click the message. Contact the OIT Technology Support Desk at techsupport@csustan.edu and report the email. You can also use the PhishMe Report Phishing button in newer versions of Outlook to submit a suspected phishing attempt to OIT. Even if you aren't sure, contact OIT to check it out. Better safe than sorry.

Check Out Our Recent Phishing Educational Campaign

This phishing email was sent to campus in April as an educational campaign. It relied on curiosity to prompt viewers into clicking the active link. If this had been a real phishing attempt, clicking the link could have stolen personal data from the viewer, or uploaded malware into the campus network. Always stop and think before clicking a link, and always contact OIT if you suspect a phishing attempt.

Example of phishing email used in recent educational campaign.

Contact the OIT Technology Support Desk at techsupport@csustan.edu and report the email.

To learn more about the Stanislaus State CoFense Email Security Initiative: CoFense Implementation Plan Summary May 2018.pdf