CSUN faculty and staff continue to be targeted by fraudulent email messages. We are taking action to reduce the effects of these "phishing" email attacks. For example, CSUN implemented a solution that checks incoming email from off-campus accounts for web links with fraudulent characteristics. If the solution detects fraudulent characteristics and the user clicks one of these links, they will be directed to a page indicating that the website has been blocked. CSUN also implemented a solution that specializes in detecting and preventing incoming phishing attacks from non-CSUN email addresses; it now blocks approximately 60,000 fraudulent messages every month.
Despite taking preventive measures, phishing email attacks continue to be sent from compromised faculty and staff accounts. The best method to prevent these attacks is to never enter your CSUN user ID and password in response to an email request.
Characteristics of a phishing email
It can be very tricky to identify a phishing scam, but here are some common traits:
- Ask for sensitive information (e.g. click here to verify your username and password)
- Ask you to download something (e.g. click here to get the necessary virus update file)
- Contain spelling and/or grammatical errors (e.g., thank you, from trusted administrator)
- Threaten you (e.g. do this or else your account will be deleted)
- Contain suspicious web addresses/URLs (e.g. visit the CSUN page by visiting: http:// www. csunorg31.com/account)
- Contain unexpected/inaccurate content (e.g. you've exceeded your email quota)
- Are generically addressed (e.g. dear CSUN customer)
- Express urgency (e.g. you must click here immediately to avoid having your account terminated)
View Phishing Examples.
How to avoid sending email messages that resemble phishing attempts
Phishing emails typically follow a certain structure, so here are some tips to use when sending your own emails:
- When possible, use the proper salutation, such as 'Dear John' instead of 'Dear Employee'.
- DO use the subject line. Be sure to include a short, descriptive subject for your email.
- Use the appropriate capitalization, punctuation and spelling. Emails or subject lines written in all caps, spelled incorrectly or lacking punctuation appear to be suspicious in nature.
- Refrain from using specialized formatting such as non-standard fonts, sizes or colors.
- Do not embed background graphics, logos or URLs. This embedded content is often used to propagate viruses and additional spam. If you need to point readers to a specific site, spell out the navigation. Example: Go to the CSUN homepage > Select Inside CSUN, etc.