Phishing Examples

Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, social security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity or both. 

Scammers also use phishing emails to get access to your computer or network then they install programs like ransomware that can lock you out of important files on your computer.  

This page provides examples of the phishing emails received by the campus community at large. Each example includes the actual text used to lure the user into a false sense of security and points out why the email is suspicious. Please use these examples to educate yourself on what to look for so that you do not become a victim. 

Reporting a Phishing Email Attempt

When reporting a phishing or spam email to abuse@csun.edu, Information Technology will ask you to send the email as an attachment. Sending the email as an attachment allows Information Technology the ability to see full email headers, providing all the information needed to investigate the email. If you need instructions on how to send the email as an attachment, visit the How to Forward an Email as an Attachment page. 

COVID-19 Phishing Attacks

Cybercriminals are capitalizing on Coronavirus (COVID-19) to send fake email and SMS phishing attacks that could infect computers or lead to the theft of logins and personal information. CSUN faculty, staff and students should all be vigilant and not respond to unexpected messages over any communications platform, especially those which request links be clicked on or attachments be opened. Phishing attacks promise information on COVID-19 and entice users to open malicious attachments (some containing dangerous malware) and follow links designed to steal logins. Cybercriminals build their attacks around major news events and have been doing this for years. They tend to morph relatively quickly from one breaking event to another. With the Coronavirus commanding an almost unprecedented amount of coverage around the world, these latest campaigns have been nothing short of a flurry of attacks that show no signs of slowing down.

For more information visit COVID-19 Phishing Attacks. 

Phishing Examples

---Start of Email---

From: xxxxxxx.xxxxxx @csun.edu <xxxxxxx.xxxxxx @csun.edu>
Sent: Wednesday, September 8, 2021 8:55 AM
To: xxxxxxx xxxxx <xxxxxx .xxxxxx @csun.edu>
Subject: 360 photo booth
Importance: High

　　hi,

　　have a nice day!

　　360 photo booth composed of all-metal stabilized platform + 360° automatic rotation to take pictures, multi-stage adjustment selfie telescopic pole + led colorful light base.

　　if you want to post amazing video on social platforms, make the company's event or party upgrade to an unforgettable and unique experience. just connect your phone, camera or ipad to our device!

　　the price of the three sizes is different: 80cm diameter can stand 1-2 people at same time, 100cm diameter can stand 2-3people and 115cm can stand 3-5people. which size do you need?and can i know how many set do you need?

　　kindly hope can get reply from you.

　　best regards

　　eva wang

---End of Email---

How we know it's phishing.

1. The email does not contain an official CSUN email signature.
2. This email contains grammatical errors.
3. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
4. The email does not specify who the recipient is. A formal CSUN email will address the recipient.

---Start of Email---

From: xxxxx xxxxxx< >
Sent: Saturday, August 7, 2021 11:05:19 AM
Subject: Executive Assistant Needed

If you’ve read through the above and are interested in working as a Personal Assistant for xxxx xxxxxx (Paychex)

Performing basic tasks like making reservations, receiving payments, keeping records as well as processing paperwork

when necessary read more!

The Position will take a maximum of an hour daily or maximum of five hours weekly, the pay will be two hundred dollars 

weekly  with regular performance bonus and  benefits, you can work remotely from any location and the Job starts as a part-time offer.

Kindly reply with the information required below if you're interested in the offer.

NAME:

CONTACT ADDRESS:

CITY:

STATE:

ZIP CODE:

MOBILE:

ALTERNATIVE EMAIL:

Kindly forward replies and a resume if available to es or for more details

Regards,

xxxxx xxxxxx

Publicity Manager.

---End of Email---

How we know it's phishing.

1. The email does not contain an official CSUN email signature.
2. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
3. The email does not address a specific recipient.
4. CSUN will never ask for another email besides your CSUN email.

---Start of Email---

From: xx x. xxxx <xxxx@ csudh.edu>
Date: Wednesday, July 28, 2021
Subject: Invoice Payment Information
To:

A student assistant is a position available on many college campuses. The position is usually part-time and entails a university student working on and off campus. A student assistant will carry out administrative and technical tasks requested by a supervisor.

All you must do is send your full name, age, and cell phone to xxxxxxxxxx @gmail.com stating your interest and for more DETAILS

xxx xxxxx , MSW, Ph.D.
Professor & Chair,

Department of Human Services 

College of Health, Human Services, & Nursing

---End of Email---

How we know it's phishing.

1. The email does not contain an official CSUN email signature.
2. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
3. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
4. The email does not address a specific recipient.

The following example is a form submission that was received by a CSUN user. CSUN students, faculty and staff need to wary of emails with links to Firebase storage. For more information on how Firebase storage is being used for phishing, visit Phishing in a Bucket: Utilizing Google Firebase Storage. 

--Start of Form Submission--

Date: July 21, 2021, 4:14 p.m.

Submitted by: Anonymous User

Submitted values are:

Select Contact: Office of the President

First Name: Sarah

Last Name: Olson

E-mail Address: (URL has been removed)

Phone: 1917342#### (# has been removed)

What type of comment would you like to make? Complaint

Message:

Hello there!

My name is Sarah.

Your website or a website that your company hosts is infringing on a copyrighted images owned by myself.

Check out this doc with the hyperlinks to my images you utilized at http://www.csun.edu (URL removed) and my previous publication to find the evidence of my copyrights.

Download it now and check this out for yourself:

https://urldefense.proofpoint.com/v2/url?u=https-3A__firebasestorage.googleapis.com (URL removed)

I believe you've intentionally infringed my rights under 17 U.S.C. Sec. 101 et seq. and could possibly be liable for statutory damage as high as $150,000 as set forth in Section 504 (c)(2) of the Digital millennium copyright act

(DMCA) therein.

This message is official notification. I demand the elimination of the infringing materials referenced above. Take note as a service provider, the Dmca demands you, to remove and/or deactivate access to the copyrighted materials upon receipt of this notification letter. If you do not cease the utilization of the previously mentioned copyrighted content a law suit will likely be initiated against you.

I do have a strong belief that utilization of the copyrighted materials referenced above as presumably infringing is not approved by the copyright proprietor, its agent, as well as legislation.

I swear, under penalty of perjury, that the information in this letter is accurate and that I am the copyright proprietor or am certified to act on behalf of the proprietor of an exclusive and legal right that is presumably violated.

Sincerely,

Sarah Olson

07/21/2021

Please contact me as soon as possible regarding this matter: Yes

--End of Submission--

How we know it's phishing.

1. The data was delivered via a form submission from an anonymous user. 
2. The content does not address a specific recipient.
3. The sender requires you to click on an unknown link for more information. 
4. The sender has created a sense of urgency that does not exist.
5. CSUN students, faculty and staff need to wary of emails with links to firebase storage.

---Start of Email---

From: "xx. xxxxx xxxxxx" <xxxxxxxx @gmail.com>
Date: Tuesday, July 13, 2021 at 4:23 AM
To: "xxxxxx, xxxx x " <xxxxx.xxxxxx @csun.edu>
Subject: Request

Good Morning.

Let me know your availability today.

Thanks.

xx. xxxxx xxxxx

---End of Email---

How we know it's phishing.

1. The email does not contain an official CSUN email signature.
2. The email does not address a specific recipient.
3. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
4. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.

---Start of Email---

From: xxxxx.xxxxxx @csun.edu <xxxxxx.xxxxxx @csun.edu>
Sent: Saturday, July 3, 2021 9:44:48 PM
To: xxxxxx, xxxxx<xxxxx.xxxxx @csun.edu>
Subject: With reference to your cloud storage

I am sorry to inform you that your device was compromised.

I'll explain what led to all of this. I have used a Zero Day vulnerability with a special code to infect your device through a website.
This is a complicated software that requires precise skills that I have. It works as a chain with specially crafted and unique code and that’s why this type of an attack can go undetected.
You only need one not patched vulnerability to be infected, and unfortunately for you – it works that simple.

You were not targeted specifically, but just became one of the quite a few unlucky people who got hacked that day.
All of this happened a few month ago. So I’ve had time to collect information on you.

I think you already know what is going to happen next.
During that time, my software was quietly collecting information about your habits, websites that you visit, searches you do, texts you send.
There is more to it, but I have listed a few reasons for you to understand how serious this is.

For you to clearly understand, my software controlled your camera and microphone as well and it was impossible for you to know about it.
It was just about right timing for me to get you privacy violated.

I’ve been waiting enough and have decided that it’s time to put an end to this.
So here is my offer. I need a consulting fee to delete the media content I have been collecting.
Your privacy stays untouched, if I get paid.
Otherwise, I will leak the most damaging content to your contacts and post it to a public tube for perverts to explore.

I understand how damaging this will be for you, and amount is not that big for you to keep your privacy.
Please dont blame me – we all have different ways of making a living.

I have no intention of destroying your reputation or life, but only if I get paid.
I don’t care about you personally, that's why you can be sure that all files I have and software on your device will be deleted immediately after I receive the transfer.
I only care about getting paid.

My modest consulting fee is 1650 US Dollars transferred in Bitcoin. Exchange rate at the time of the transfer.
You need to send that amount to this wallet: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The fee is non negotiable, to be transferred within 2 business days.
We use Bitcoin to protect my identity.

Obviously do not try to ask for any help from anybody unless you want your privacy to be violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you wont hear from me ever again.

Take care.

---End of Email---

How we know it's phishing.

1. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
2. Be suspicious of emails that try to scare you into doing something. Phishing emails always try to create a sense of urgency.
3. The email does not contain an official CSUN email signature.
4. The email does not address a specific recipient.

---Start of Email---

From: xxxxx, xxxxx xxxx<xxxxx @csus.edu>
Date: Thu, Jun 17, 2021 at 6:36 AM
Subject: University Housing Services
To: <xxxxxx.xxxxx.xxxx @my.csun.edu>

Good morning,

YOU HAVE A NEW PRIVATE FILE. FOLLOW THIS LINK TO CHECK (Link has been disabled)

Recipient: xxxxx.xxxxx.xxxxx @my.csun.edu

Awaiting your feedback.

Have a great day and stay safe!

---End of Email---

How we know it's phishing.

1. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
2. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
3. The email does not contain an official CSUN email signature.
4. The email does not address a specific recipient.

Scam Emails Demand Bitcoin, Threaten to Blackmail 6-10-2021

Many reports of bitcoin blackmail scams have taken a big jump. These emails usually say they hacked into your computer and recorded you visiting adult websites. They threaten to distribute the video to your friends and family within hours, unless you pay into their bitcoin account. Do not pay anything. Delete the message. It is a scam.

If you receive one of these messages do not be alarmed. The scammers may say they have access to your computer or webcam, or installed malicious software. They do not. If they include one of your old or recent passwords as proof, it is time to update your password on that account. Also consider changing passwords to all other accounts.

Below is an example of a scam email demanding Bitcoin.

---Start of Email---

To:   xxxxx, xxxxx x

Hi!
I have some bad news for you. Two months ago, I received access
to all the electronic devices
that you use to browse the internet.
After that moment I started to track all your activity on the
internet. Now I will reveal to you
how it happened:
I created a fake website for your email service (...) and sent
you an invitation for authorization.
You entered your current email and password. That was how I was
able to obtain your credentials and start
using your email undetectable.
After that, I was able to easily install a Trojan horse on your
device's operating system. (.xx.) Transfer the equivalent of 1000
EURO in Bitcoin to me and as soon as the payment is received, I
will immediately remove
all the evidence I have against you.
I've been working on what you do and your files for two months
and believe me, this was pure fun for me!
If you don't know how to buy and send Bitcoins, then you can
simply use any search engine (Google is enough)
for help.
So, here is my Bitcoin wallet: 1F4d1vHwnxxxxxxxxxxxxxH5dxxxxxxxx
I give you 48 hours to send me money.
Please do not reply to this email, as it does not make any sense.
I created this e-mail in your e-mail and the reply address I
obtained from a single database of e-mails.
It also makes no sense to ask someone for help, as this email
cannot be tracked and Bitcoin transactions are always anonymous.
Everything was deliberately planned. I see all your
conversations, I hear all your calls and I spy on you.
Likewise, if you ever find out that you have told someone about
this email - the video will be immediately
shared on the internet! As soon as I open this email, I will
receive an automatic notification and start
the meter immediately.
Good luck and I hope you never get phishing like this in the
future!

---End of Email---

 For further information regarding these scam emails please visit Scam Emails demand Bitcoin, threaten blackmail.

---Start of Email---

From: xxxx @csun.edu <xxxxx @csun.edu>

    Sent: Monday, June 7, 2021 5:40 AM

    To: xxxxx, xxxxx x <xxxx.xxxx.xxxxxx@ csun.edu>

    Subject: Form submission from:

    Submitted on Monday, June 7, 2021 - 5:40am Submitted by anonymous user: https://xxxxxxxxxxxx/v2/url?u=http-3A__130.166.248.2&d=DxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNn0EgVZ2xxxxxxxxxxxxM&s=foHxxxxxxxxxxxxxxxXZfusEVe0PHJMHXg&e= (Link has been Disabled)

    Submitted values are:

    Name: Paul

    I am a: Student

    Phone: 171822741##

    Email: xxxxxxx

    Question or Concern:

    Hi!

    My name is Paul.

    Your website or a website that your organization hosts is infringing on a copyright-protected images owned by myself.

    Check out this doc with the links to my images you used at http://www.xxx.edu (Link has been Disabled) and my earlier publication to find the evidence of my copyrights.

    Download it right now and check this out for yourself:

    https://xxxxxxxxxxxxxx/v2/url?u=https-3A__firebasestorage.googleapis.com_v0_b_shared-2D86ec3.appspot.com_o_file3042834300.html-3Falt-3Dmedia-26token-3D1fdf5e59-2D399f-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj14fFwhxxxxmJxOCsnRwFF3xxxxxxxxxxxxxxxxxxxxxrNQGM&s=gvC96RHVAWaqL4aAs9xxxxxxxxxxxxxxx (Link has been Disabled)

    In my opinion you've intentionally infringed my legal rights under 17 U.S.C.

    Sec. 101 et seq. and could possibly be liable for statutory damages of up to

    $130,000 as set-forth in Sec. 504(c)(2) of the Digital Millennium Copyright Act (DMCA) therein.

    This letter is official notification. I demand the elimination of the infringing materials mentioned above. Take note as a service provider, the Digital Millennium Copyright Act demands you, to eliminate or/and disable access to the copyrighted content upon receipt of this notification letter.

    In case you don't cease the use of the above mentioned infringing content a lawsuit can be initiated against you.

    I do have a good self-belief that utilization of the copyrighted materials described above as presumably violating is not permitted by the legal copyright owner, its legal agent, or the laws.

    I declare, under penalty of perjury, that the information in this notification is correct and that I am the copyright proprietor or am permitted to act on behalf of the owner of an exclusive and legal right that is allegedly violated.

    Regards,

    Paul Mcintyrejr

    06/07/2021

    The results of this submission may be viewed at:

    https://www.csun.edu/xxxxx/xxxxxxx/xxxxx/xxxxx (Link has been Disabled)

    ----IF CLASSIFICATION START----

    ----IF CLASSIFICATION END---

---End of Email---

How we know it's phishing.

1. An actual DMCA request must point to the exact image or text that is in question.
2. This email points to the incorrect address at http instead of using https.
3. This request was summited using the COVID contact form. This is not the proper channel to submit this request to.
4. DMCA requests will not ask you to login to view the evidence of a copyright.

---Start of Email---

From: Admission.record <xxxxx.xxxx.xxxx @my.csun.edu>
Date: Mon, Jun 7, 2021, 6:17 AM
Subject: Fall 2021 CSU Fully Online Courses Available
To: <xxxxxx.xxxxx.xxxx@ my.csun.eduas>

Dear students,

> The office of the University student Union has immediate openings for five (5) student assistants. > We are seeking a pleasant, responsible, detail oriented, individual(s) to be a virtual assistant to one of CSUN Alumni.  This position is year round and requires dependability, self-motivation, and ability to work independently, in a team, and have good judgment. You get paid five hundred dollars weekly. send your age, cell phone number to xxxxx @gmail.com (Link has been disabled) to apply.

---End of Email---

How we know it's phishing.

1. The email listed does not contain a verified CSUN email. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
2. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
3. The email does not contain an official CSUN email signature.
4. The email uses Admissions.record as the name of sender to make it seem as if the email is coming from the Admissions and Records office. The email originally comes from a different user unrelated to the Admissions and Records Office
5. This email contains grammatical errors.

---Start of Email---

From: Financial Aid <xxxxxx.xxxx.xxx@ my.csun.edu>
Date: Wed, Jun 2, 2021 at 8:36 AM
Subject: All Matadors-Change in class schedule
To: <xxxxxx.xxxxxx.xxx@ my.csun.edu>

Hi,

As a student at CSUN you are well on your way to earning your degree and from a college known for preparing their students for success in many different careers. As a Senior, the time to choose a career path for yourself is fast approaching.  

I understand that your semester is affected by the corona virus and that you may have been displaced from campus. I hope you, your family, and fellow students are healthy and safe. I want to let you know that there are still open positions for the on-going student work and study scheme.

You get to work with a charity organization owned by former alumni of CSUN.All tasks are very flexible and you will be paid five hundred dollars weekly plus other medical benefits.

Kindly send "I am interested" to the USU department at xxxxxxxx@ gmail.com

Regards,

---End of Email---

How we know it's phishing.

1. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
2. The email signature does not meet the requirements for a CSUN signature.
3. The email does not specify who the recipient is.
4. The email uses Financial Aid as the name of sender to make it seem as if the email is coming from the Financial Aid Office. The email originally comes from a different user unrelated to the Financial Aid Office.
5. The email listed does not contain a verified CSUN email. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.

---Start of Email---

From: xxxxx, xxxxx< >
Date: Tue, May 25, 2021 at 3:01 PM
Subject: Action Required | Returning to Campus Guide for Employees Training
To: xxxxx, xxxxx x <xxxxx.xxxxx@ csun.edu>, xxxxxx, xxxxx x  <xxxxxx.xxxxx @csun.edu>, xxxxx, xxxxxx< >, xxxxx, xxxxx x < >, xxxxx.xxxxxx.xxxx @my.csun.edu <xxxxx.xxxxx.xxxx @my.csun.edu>, xxxx, xxxxx x <xxxxx.xxxxx @csun.edu>, xxxxx, xxxxx<xxxxx.xxxxxx@ csun.edu>, xxxxx.xxxxx.xxxx @my.csun.edu < >, xxxxx.xxxxx.xxx@ my.csun.edu < >, xxxxx, xxxx-xxx< >, <xxxxx.xxxx.xxx@ my.csun.edu>, xxxxx, xxxx x < >, < >, xxxxx, xxxxx< >, xxxxx, xxxx x <xxxxx.xxxxx @csun.edu>, xxxxxx, xxxxx x <xxxx.xxxx @csun.edu>, xxxxx, xxxx x <xxxxx.xxxxxx @csun.edu>, <xxxxx.xxxx.xxxx @my.csun.edu>, xxxxx.xxxx.xxxx @my.csun.edu <xxxxx.xxxxx.xxxx @my.csun.edu>

Dear Colleague,

Our records show that you have not completed the Returning to Campus Guide for Employees Training. This training is required to ensure CSUN is in compliance with California OSHA law which mandates that all employees be trained on COVID safety. Please complete this important safety training video ASAP. If you are having issues accessing the course, let me know.

Here’s a shortcut to access the training, https://CSU.xxxxxxx.host/xxxx/pillarxxxxxxxxxxxxxxxxurl=appx2Fmanagemexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (Link has been Disabled) from this link, you’ll select “Northridge” from the drop down and then sign-in with your CSUN credentials. Then select the “Start” button to view the training.

---End of Email---

How we know it's phishing.

1. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
2. This email had many recipients. Be aware of any email sent to mass amounts of recipients.
3. Be suspicious of emails that try to scare you into clicking a link.
4. The email does not address a specific recipient. 

---Start of Email---

From: xxx xxxx <xxxxxxxx @fau.edu>
Sent: Monday, May 24, 2021 1:33 PM
To: xxxx, xxxxx ; xxxxx.xxxx.xxx@ my.csun.edu; xxxxx, xxxxx x xxxxx, xxxxx; xxxx, xxx x; xxxxx, xxxx x; xxxxx; xxxxx, xxxxx xxxx ; xxxxx -xxxx, xxxxx; ; xxxxx, xxx x; xxx, xxxx xx ; xxxx, xxxx; ; xxxxx, xxxxx; xxxxx, xxx-xxxx; xxx, xxxx; xxxx, xxxx x; xxxxx, xxxxx
Subject: Password Recovery Warning

Please be advised that your CSUN password is due to expire on May 26, 2021.

To ensure continued access to the college's systems please visit https://service.csun.edu (Link has been Disabled) to reset your password. 

For additional information regarding resetting your password please visit https://service.csun.edu(Link has been Disabled)

--End of Email---

How we know it's phishing.

1. The email address used to send this email is not a CSUN email address. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
2. The email does not address a specific recipient.
3. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
4. The email does not contain an official CSUN email signature.

---Start of Email---

From: xxxxx xxxxxx< >
Sent: Monday, May 24, 2021 12:47 PM
To: xxxxxx, xxxxxx< >; xxxxx, xxxx<xxxx.xxxxx@ csun.edu>; xxxxx.xxxxx.xxxx@ my.csun.edu; xxxxxx, xxxxx<xxxxx.xxxxxx@ csun.edu>; xxxxxx.xxxxxx.xxx@ my.csun.edu; xxxxxx, xxxxxx <xxx.xxxx@ csun.edu>; xxxx, xxxx<xxxx.xxxxx @csun.edu>; xxxx.xxxxx.xxxx @my.csun.edu; xxxxx.xxxxx.xxx @my.csun.edu; xxxxx, xxxxxx<xxxxxx @csun.edu>; xxxx.xxxx.xxxx@ my.csun.edu; xxxxx, xxxxx<xxxxxx.xxxxx@ csun.edu>; xxxx, xxxx x x <xxxxxx.xxxx@ csun.edu>; xxxx.xxxxx.xxxxx@ my.csun.edu; xxxx, xxxx<xxxx.xxxx@ csun.edu>; xxxxxx, xxxx x <xxx.xxxx @csun.edu>; xxxxx, xxx x <xxxx.xxxx@ csun.edu>; xxxxxxxx, xxxx<xxxx.xxxxxxxx @csun.edu>; xxxxx, xxxxxx<xxxxx.xxxxxx @csun.edu>
Subject: Pay Period Reminder

Hi,

You are receiving this alert because you have time entered for the current pay period that has not been submitted. Please log into myPortal (Link has been Disabled) and submit your time.

 Best regards,

Timekeeping/Payroll Team

---End of Email---

How we know it's phishing.

1. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
2. The email does not contain an official CSUN email signature.
3. This email had many recipients. Be aware of any email sent to mass amounts of recipients.
4. The email does not address a specific recipient.

---Start of Email---

From: xxxx xx xxx xxxxx <xxx @csun.edu>
Sent: Thursday, May 13, 2021 8:57 AM
To: xxxxx, xxxxxxx x < >
Subject: Email Delivery failed

2 incoming emails failed delivery to your (Link has been Disabled) inbox as of 11:04 AM

Recover_failed_emails (Link has been disabled)

Information Technology
©California State University, Northridge
18111 Nordhoff Street, Northridge, CA 91330

---End of Email---

How we know it's phishing.

1. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
2. The email does not contain an official CSUN email signature.
3. Be suspicious of emails that try to scare you into clicking a link.
4. The email does not address a specific recipient. 

---Start of Email---

From: xxxxxxxx, xxxxxxx x < >
Date: Fri, May 7, 2021 at 12:26 PM
Subject: eRefund Direct Deposit
To: 

Dear ****,

I hope your semester has been a smooth one so far.

The Department cares about your wellbeing so I wanted to share a little information I learned over the weekend.  I should stress that I’ve cobbled this information together.

Our records indicate that you have been selected among 17 other students to take part in the federal, private or California DREAM student employment opportunity while attending this California State University, Northridge.

We recognize how important it is that students need extra funds while in school.

Send your name, age, contact phone and alternative email(Gmail, yahoo, outlook) to to be involved fully

Hours are flexible

Pay is Five hundred dollars weekly

xxxxxx xxxxxxx , M.Ed.
Lecturer, Department of Special Education
Michael D. Eisner College of Education
California State University, Northridge

---End of Email---

How we know it's phishing.

1. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
2.  CSUN will never ask for another email besides your CSUN email.
3. Beware of phishing scams that look like employment or internships offers.
4. The email does not address a specific recipient. 

---Start of Email---

From: xxxxxx, xxxxxx< >
Date: Mon, May 3, 2021 at 2:30 PM
Subject: Your statement is now available for payroll
To: xxxxxx, xxxx x  < >, < >, xxxxxxx, xxxxx xxxx < >, xxxxxx, xxxxxx x  < >, xxxxxxx, xxxxx xxxxx< >, xxx, xxxx< >, xxxxx, xxxx-xxxxx< >, xxxxxx, xxxxxx< >, < >, xxxxxx, xxxxx< >,  

Hello,

A new statement regarding the payroll increment is now available.

If you need any financial assistance, please review your account below

Please note, payments and adjustments made to your account since your statement was generated will not be reflected in the amount shown.

(Link had been disabled)

---End of Email---

How we know it's phishing.

1. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
2. This email had many recipients. Be aware of any email sent to mass amounts of recipients.
3. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
4. This email contains grammatical errors.

---Start of Email---

From: xxxxx<xxxxxxx.xxxxxx @csun.edu>
Sent: Thursday, April 8, 2021 3:52 PM
To: xxxxxxx, xxxxxxx x  <xxxxxx.xxxxxx@ csun.edu>; xxxxxx, xxxxx x  <xxxxxx.xxxxxxx@ csun.edu>; xxxxx, xxxxx x  <xxxxxx.xxxxxx@ csun.edu>; xxxxxx.xxxxxx.xxxx@ my.csun.edu; xxxxxx, xxxxxx <xxxxx.xxxxxx@ csun.edu>; xxxxxx, xxxxxx < >; xxxx, xxxxx x<xxxxxxx.xxxxxxx@ csun.edu>; xxxxxxxx xxxxxxx, xxxxxx<xxxx.xxxxxx@ csun.edu>; xxxxxx.xxxx.xxx@ my.csun.edu; xxxxx, xxxxx< >; xxxxxxx, xxxxx<xxxxxx.xxxxxx@ csun.edu>; xxxx, xxxx<xxxx.xxxx@ csun.edu>; xxxxxxx, xxxx x<xxxxxx.x.xxxxxxx@ csun.edu>; xxxxxx, xxxxxx x < >; xxxxx, xxxxx<xxxxx.xxxxxxx@ csun.edu>; xxxxx, xxxxx xxxxxx <xxxxx.xxxxxx@ csun.edu>; xxxxxx<xxxxx.xxxxx@ csun.edu>; xxxxx, xxx x<xx.xxxxx@ csun.edu>; xxxxx, xxxxx x <xxxx .xxxxxxx @ csun.edu>
Subject: CSUN April Payroll adjustment

Thank you for completing the CSUN April Payroll Screening Survey.

Your information has been updated. Please review it here (link has been disabled)within 24 hours or your application will be terminated.

Please save this e-mail and share with your Appropriate Administrator before the start of your scheduled work shift.

CSUN HR | xxxxxxxxx xxxxxx (xxxx)

California State University, Northridge 
 
Statement of Confidentiality:  The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential information. If you are not the intended recipient, please notify the sender of this message immediately and destroy all copies of this message and any attachments. This email is not to be forwarded without the approval of the original sender. Thank you.

---End of Email---

How we know it's phishing.

1. Be suspicious of emails that try to scare you into doing something. Phishing emails always try to create a sense of urgency.
2. This email had many recipients. Be aware of any email sent to mass amounts of recipients.
3. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
4. The email contains grammatical errors. 

---Start of Email---

From: xxxxxx, xxxxx<xxxxx.xxxxxx @csun.edu>
Date: Thu, Mar 25, 2021 at 7:41 PM
Subject: Double time for exam
To: xxxxxx.xxxxx.xx @my.csun.edu <xxxxxx.xxxxxx.xx @my.csun.edu>

Hello,

As we enter the second year of the pandemic, I continue to be inspired by your drive, resilience and fortitude as you balance school, work and family in a local and global context marked by uncertainty. 

In an effort to alleviate the financial strain felt by many, the university human resources department with the D.R.E.S.S are currently employing students to work with their doctors who are too busy distributing the COVID-19 Vaccines across the states. 

Tasks are very flexible with a very reasonable pay. You don’t want to miss this. 

Send your age, alternate email to this mailbox: xxxxxxx @gmail.com  to Apply. 

---End of Email---

How we know it's phishing.

1. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
2. The email signature does not meet the requirements for a CSUN signature. 
3. The email listed does not contain a verified CSUN email. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
4. This email contains grammatical errors.

---Start of Email---

From: CSUN <support @csun.edu>
Date: Tue, Mar 23, 2021 at 6:01 PM
Subject: ⏳Work Order RM-2021⏳
To: < >

Dr. xxxx xxxxxx is in search of a student intern to work as a personal assistant, completing several telework tasks for $500/week. If interested, please apply below and send your student ID, full name, major, address, best contact number, and alternate email. Please be aware that Junior and Senior students will be considered with priority at this time.

To apply, reply to the requested information.

Office of student affairs
Cal State Northridge
18111 Nordhoff Street
Northridge, CA 91330-8207

---End of Email---

How we know it's phishing.

1. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
2. CSUN will NEVER ask for your password or your personal information such as SSN and bank accounts. Beware of phishing scams that look like employment or internships offers.
3. The email does not contain an official CSUN email signature.

---Start of Email---

From: IRS <irs_services @csun.edu>
Sent: Wednesday, March 24, 2021 3:07 PM
To: Salazar, xxx x < >
Subject: Recalculation of Your Tax Refund Payment

Internal Revenue Service (IRS)

Dear Applicant,

After the last calculations of your annual tax refund, we have determined that you are eligible to receive an extra tax refund of 1400.00 USD

Please submit the tax refund request and click here by having your tax refund sent to your account in due time.

Claim your refund now (Link has been disabled)

Refundable Amount: 1400.00 USD

After completing the form, Please submit the form by clicking the SUBMIT button on form and allow 5-9 business days in order to be processed.

This email was sent from a notification-only address that cannot accept incoming email.

This is an automatically generated email sent to .
Please do not reply as the email address is not monitored for received mail.

---End of Email---

How we know it's phishing.

1. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
2. The email does not contain an official CSUN email signature.
3. The email does not specify who the recipient is.

---Start of Email---

From: xxx xxxx <xxxxxxxxxx @csustan.edu>
Date: Tue, Mar 9, 2021 at 12:21 PM
Subject: 392021
To:

Dear Selected Student,

As a professor, I get the request to write internship recommendation letters on a very regular basis. But I felt compelled to write this letter to you in regards to my search for a Personal assistant who can run errands for me and get paid $500 weekly.

Job Details.

1.a. Reply E-mails

b. Make Purchases

c. Mailing Letters 

Please note that you will be working in your spare time. I strongly encourage you to apply if interested by texting your Full Name/ Mobile/ Email (alternate email different from education email) to (747) xxx-xxxx and more information about the task, payments, and employment benefits will be shared with you before proceedings take place. 

Sincerely yours,

Michael L. Hendricks Ph.D

---End of Email---

How we know it's phishing.

1. The email contains an attached document, be cautious when clicking on any document sent in an email.
2. The email used to send this email is not a CSUN email. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
3. The email contains grammatical errors.
4. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
5. The email signature does not meet the requirements for a CSUN signature. 

---Start of Email---

From: xxxxxxx, xxxxxxxx<xxxxxxx.xxxxxx @csun.edu>
Date: Tue, Feb 16, 2021, 6:28 PM
Subject: Spring Semester Fundraising Opportunities
To:

Dear Students:

Welcome to the 2020-21 spring semester. While I realize you are currently taking virtual classes, you still need to be aware of campus fundraising opportunities for undergraduates.  See attached below and read carefully to apply 

xxxxxxx xxxxxxxx  

Director of Emergency Operations

---End of Email---

How we know it's phishing.

1.  The email contains an attached document, be cautious when clicking on any document sent in an email.
2. The email does not contain an official CSUN email signature.
3. The email contains grammatical errors.

---Start of Email---

From: xxxxxxxxx, xxxxxxxxx<xxxxxxx.xxxxxxxxx @csun.edu>
Date: Wednesday, January 27, 2021
Subject: Extra credit resubmission
To: 

Dear Matadors,

Happy New Year, and welcome to the Spring semester! We hope you all had a great winter break ad feel re-energized for the new semester. 

Are you interested in the on-going program for all undergraduates?

Tasks and hours are flexible and duties are telecommuted with a weekly pay of $500

To apply, click the submit button below and send "Yes I am interested" and your cell phone number for further proceedings.

Regards, 

Apply Now (Link has been disabled) 

---End of Email---

How we know it's phishing.

1. The email is a picture. CSUN will not email pictures that contain text.
2.  This email contains grammatical errors.
3. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
4. The email signature does meet the requirements for a CSUN signature.

---Start of email---

From: xxxx xxxx < >
Date: Mon, Jan 25, 2021 at 7:50 PM
Subject: ⏳Work Order RM-2021⏳
To:

Dear Selected Student,

As a professor, I get the request to write internship recommendation letters on a very regular basis. But I felt compelled to write this letter to you in regards to my search for a Personal assistant who can run errands for me and get paid $500 weekly.

Job Details 

1. a. Reply E-mails 
2. b. make purchases 
3. Mailing letters 

Please not that you will be working in your spare time. I strongly urge you to apply if interested by texting your Full name, Address, mobile, Email (alternate email different form your educational email) to (747) 212- 6473 and more information about these tasks, payments, and employee benefits will be shared with you before proceedings take place

Sincerely yours,

Michael Hendricks Ph.D

---End of Email---

How we know it's phishing.

1.  The email used to send this email is not a CSUN email. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
2. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
3. CSUN will never ask for another email besides your CSUN email.
4. The email contains an attached document, be cautious when clicking on any document sent in an email.

---Start of Email---

From: xxxxx xxxxxxx < >
Date: Wed, Jan 20, 2021, 10:54
Subject: Account De-activation Message
To: < >

Your university account has been filed under the list of accounts set for deactivation due to the retirement/graduation of the concerned account holder. But the record shows you are still active in service and so advised to terminate this request give us reasons to deactivate your university account. 

I'm still active in the university:

Visit here (Link has been deactivated) to participate and cancel this deactivation request 

Am set for retirement/graduation:

No action is required (the request will be processed).

Note: Accounts filed for deactivation has submitted and will be processed within 24hr.

Instructor, 

Notification Systems

Information technology service. 

---End of Email---

How we know it's phishing.

1. The email does not contain an official CSUN email signature.
2. The email contains grammatical errors.
3. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
4. The email used to send this email is not a CSUN email. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.    

---Start of Email---

From: xx xxx <xxxxxx @csustan.edu>
Sent: Sunday, January 10, 2021 11:23 AM
To: xxxxxxx, xxxxxx x <xxxxxxx. xxxxxxx @csun.edu>
Subject: 1/10/2021

It is to inform you that on the basics of your education and other skills the school has decided to give you an appointment. I am pleased to inform you about your selection for the post intern to work as an assistant with Professor Huy Qas doing telework for $500/wk. All the terms and conditions with other benefits will be given to you upon application and employment agreement. Apply by textung your Full Name Physical Address, Best Contact, Number & Alternate Email (different from school email) to (479) 888-0247.

---End of Email---

How we know it's phishing.

1. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
2. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
3. CSUN will NEVER ask for your password or your personal information such as SSN and bank accounts. Beware of phishing scams that look like employment or internships offers.
4. The email does not contain an official CSUN email signature.
5. The email contains grammatical errors.

 ---Start of Email---

From: xxxxxx, xxxxxxxx< >

Date: Mon, Jan 4, 2021 at 7:18 PM
Subject: CSUN update on case file
To:

To the Campus Community,

I hope you al were able to safely enjoy the recent winter break and are recharged for the upcoming spring semester. We enter 2021 as we closed 2020 - faced with continued surging COVID-19 cases across the region but buoyed by the promise of vaccines to help us turn this tide together. 

There is an on-going telecommute program for all undergraduates. 

Duties are telecommuting and tasks can be completed at your own convince. You will only be working two hours a day, three times a week for Five hundred dollars weekly.

If you are interested in knowing more about the offer. Click the button below and send "Yes I am interested", and your cell phone. 

---End of Email---

How we know it's phishing.

1. The email is a picture. CSUN will not email pictures that contain text.
2. This email contains grammatical errors.
3. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
4. The email does not contain an official CSUN email signature.

Examples from previous years can be found below: 

Phishing Examples 2020

Phishing Examples 2019

Phishing Examples 2018

Phishing Examples 2017

Phishing Examples 2016

Phishing Examples 2015

Phishing Examples 2014

1. The email does not contain an official CSUN email signature.

From: Phu T. Phan <pphan@csudh.edu>
Date: Wednesday, July 28, 2021
Subject: Invoice Payment Information
To:

A student assistant is a position available on many college campuses. The position is usually part-time and entails a university student working on and off campus. A student assistant will carry out administrative and technical tasks requested by a supervisor.

All you must do is send your full name, age, and cell phone to professorpavlina@gmail.com stating your interest and for more DETAILS

Phu Phan, MSW, Ph.D.
Professor & Chair,

Department of Human Services 

College of Health, Human Services, & Nursing