Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, social security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity or both.
Scammers also use phishing emails to get access to your computer or network then they install programs like ransomware that can lock you out of important files on your computer.
This page provides examples of the phishing emails received by the campus community at large. Each example includes the actual text used to lure the user into a false sense of security and points out why the email is suspicious. Please use these examples to educate yourself on what to look for so that you do not become a victim.
Reporting a Phishing Email Attempt
When reporting a phishing or spam email to abuse@csun.edu, Information Technology will ask you to send the email as an attachment. Sending the email as an attachment allows Information Technology the ability to see full email headers, providing all the information needed to investigate the email. If you need instructions on how to send the email as an attachment, visit the How to Forward an Email as an Attachment page.
Phishing Examples
---Start of Message---
---End of Message---
How we know it's phishing.
- Help Center does not sent text messages to students.
- Help Center will never ask for a passcode.
- This message contains many errors such as spacing between words.
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Sent: Wednesday, March, 2024 5:01:30 AM
Subject: IMPORTANT CSUN MEMO FROM HR: ASSESSMENT REPORTS FOR FACULTY AND STAFF 2024
Hope this email finds you well.
I am pleased to inform you that the HR Department has recently finalized the Assessment Report for all staff members. It is imperative that you treat this matter with urgency.
Attached below, you will find the relevant file that contains your assessment report. Please open it to access the information.
CLICK HERE TO VIEW REPORTS
Thank you for your prompt attention to this matter.
--
Mars Cook
Undergraduate Student, Creative Writing
Peer Writing Specialist - Learning Resource Center
California State University, Northridge
---End of Email---
How we know it's phishing.
- Expresses urgency to an email that users did not expect.
- Sent at a time outside of common office hours; sent at 5:01AM
- Emails will not ask to "click here" or "click to unsubscribe".
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Sent: Monday, November 6, 2023 5:23:30 PM
Subject: Email confirmation
.
Click here to manage your membership or unsubscribe.
---End of Email---
*Note: The original QR code has been replaced for reference purposes only.
How we know it's phishing.
- The email does not include text, it is in an image.
- This email contains grammatical errors.
- The email asks to scan an unofficial QR code.
- Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
- Emails will not ask to "click here" or "click to unsubscribe".
---Start of Email---
From: Gxxxx , Lxxxx <xxx.xxx @csun.edu>
Sent: Sunday, January 29, 2023 7:10:29 PM
Subject: ADMINISTRATIVE ASSISTANT REMOTE JOB
Some departments are currently hiring individuals who can assist some of their visiting professors by providing basic admin duties remotely.
The successful candidate will Liaise with staff, other departments, and/or external organization concerning matters regarding assigned work as well as coordinating with the Director.
Weekly Salary:
$400 ( $350 +$50 for miscellaneous including tax)
For more Information. Contact (frank.garza### @gmail.com) with your alternative “email address” as well as your school schedule.
---End of Email---
How we know it's phishing.
- The email does not contain an official CSUN email signature.
- This email contains grammatical errors.
- The email asks to send for more information to an non-CSUN email with an alternative email address.
Examples from previous years can be found below:
