It can be very tricky to identify a phishing scam, but here are some common traits:
- Ask for sensitive information (e.g. click here to verify your username and password)
- Ask you to download something (e.g. click here to get the necessary virus update file)
- Contain spelling and/or grammatical errors (e.g., thank you, from trusted administrator)
- Threaten you (e.g. do this or else your account will be deleted)
- Contain suspicious web addresses/URLs (e.g. visit the CSUN page by visiting: http:// www. csunorg31.com/account)
- Contain unexpected/inaccurate content (e.g. you've exceeded your email quota)
- Are generically addressed (e.g. dear CSUN customer)
- Expresses an urgency (e.g. you must click here immediately to avoid having your account terminated)
For more information, visit the CSUN Spam Prevention page.
Phishing emails typically follow a certain structure so here are some tips for you to use when sending your own emails:
- When possible, use the proper salutation, such as 'Dear John' instead of 'Dear Employee'.
- DO use the subject line. Be sure to include a short, descriptive subject for your email.
- Use the appropriate capitalization, punctuation and spelling. Emails or subject lines written in all caps, spelled incorrectly or lacking punctuation appear to be suspicious in nature.
- Refrain from using specialized formatting such as non-standard fonts, sizes or colors.
- Do not embed background graphics, logos or URLs. This embedded content is often used to propagate viruses and additional spam. If you need to point readers to a specific site, spell out the navigation. Example: Go to the CSUN homepage > Select Inside CSUN, etc.
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key. Visit the Ransomware page for more information.