
Avoid Fraudulent Email Messages

Higher education continues to be targeted by fraudulent email messages and ransomware attempts. CSUN implemented a solution that checks incoming email from off-campus accounts for web links with fraudulent characteristics. If such a link is detected and a user clicks on it, the user is directed to a page indicating that the website has been blocked. CSUN also implemented a solution that detects and prevents incoming phishing attacks from non-CSUN email addresses. This solution blocks approximately 60,000 fraudulent messages every month.

Despite these preventive measures, phishing emails continue to be sent from compromised faculty and staff accounts. The best way to prevent these attacks is to never provide your CSUN user ID and password in response to an email request and to question the source of any email you receive.

Business E-mail Compromise Scams 
FBI PSA: directed / produced by CSUN's Nate Thomas. 

Tips and Resources

Characteristics of a Phishing Email

Phishing scams can be very tricky to identify, but phishing emails commonly:

  • Ask for sensitive information (e.g. click here to verify your username and password)
  • Ask you to download something (e.g. click here to get the necessary virus update file)
  • Contain spelling and/or grammatical errors (e.g., thank you, from trusted administrator)
  • Threaten you (e.g. do this or else your account will be deleted)
  • Contain suspicious web addresses/URLs (e.g. visit the CSUN page by visiting: http:// www. csunorg31.com/account)
  • Contain unexpected/inaccurate content (e.g. you've exceeded your email quota)
  • Are generically addressed (e.g. dear CSUN customer)
  • Express urgency (e.g. you must click here immediately to avoid having your account terminated)

How to Avoid Sending Email Messages That Resemble Phishing Attempts

Phishing emails typically follow a certain structure, so here are some tips to keep your own emails from resembling them:

  • When possible, use the proper salutation, such as 'Dear John' instead of 'Dear Employee'. 
  • DO use the subject line. Be sure to include a short, descriptive subject for your email.   
  • Use the appropriate capitalization, punctuation and spelling. Emails or subject lines written in all caps, spelled incorrectly or lacking punctuation appear to be suspicious in nature. 
  • Refrain from using specialized formatting such as non-standard fonts, sizes or colors. 
  • Do not embed background graphics, logos or URLs. This embedded content is often used to propagate viruses and additional spam. If you need to point readers to a specific site, spell out the navigation. Example: Go to the CSUN homepage > Select Inside CSUN, etc. 

Ransomware

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key. Visit the Ransomware page for more information.

Phishing Examples