Main menu (IT)

Phishing Examples

Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, social security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity or both. 

Scammers also use phishing emails to get access to your computer or network then they install programs like ransomware that can lock you out of important files on your computer.  

This page provides examples of the phishing emails received by the campus community at large. Each example includes the actual text used to lure the user into a false sense of security and points out why the email is suspicious. Please use these examples to educate yourself on what to look for so that you do not become a victim. 

Reporting a Phishing Email Attempt

When reporting a phishing or spam email to abuse@csun.edu, Information Technology will ask you to send the email as an attachment. Sending the email as an attachment allows Information Technology the ability to see full email headers, providing all the information needed to investigate the email. If you need instructions on how to send the email as an attachment, visit the How to Forward an Email as an Attachment page. 

COVID-19 Phishing Attacks

Cybercriminals are capitalizing on Coronavirus (COVID-19) to send fake email and SMS phishing attacks that could infect computers or lead to the theft of logins and personal information. CSUN faculty, staff and students should all be vigilant and not respond to unexpected messages over any communications platform, especially those which request links be clicked on or attachments be opened. Phishing attacks promise information on COVID-19 and entice users to open malicious attachments (some containing dangerous malware) and follow links designed to steal logins. Cybercriminals build their attacks around major news events and have been doing this for years. They tend to morph relatively quickly from one breaking event to another. With the Coronavirus commanding an almost unprecedented amount of coverage around the world, these latest campaigns have been nothing short of a flurry of attacks that show no signs of slowing down.

For more information visit COVID-19 Phishing Attacks.

Herff Jones Commencement Email

The email sent by Herff Jones is a legitimate email regarding commencement. Please do not give out credit card information if you have already purchased a cap and gown. Email is shown below:

From: Herff Jones < >
Date: Wed, Apr 22, 2020 at 12:03 PM
Subject: Your cap and gown is coming soon
To: <xxxxxx.xxxx.xxx@ my.csun.edu>

Dear Students, 

To make life easier during this uncertain time, we created options for you to either have your gown shipped to your home or for you to receive a refund on your purchase.

Your graduation is a reason to celebrate! We encourage you to honor this milestone by making full use of your gown; take pictures, share on social media and celebrate with loved ones.

If you would like to have your cap and gown shipped (for free!) directly to your home address, use the following link to provide us with your shipping information and then be on the look out for your cap and gown.

But if you would prefer to receive a full refund of your order, we completely understand. Please use the following link to request your refund.

Also feel free to contact our customer service team with questions at herffjones.com/contactus.

START THE PROCESS »

For information on current news for commencement please visit Commencement and Honors Convocation.

Phishing Examples


---Start of Email---

From: xxxxxxx, xxxxxxxx<xxxxxxx.xxxxxx @csun.edu>
Date: Tue, Feb 16, 2021, 6:28 PM
Subject: Spring Semester Fundraising Opportunities
To:

Dear Students:

Welcome to the 2020-21 spring semester. While I realize you are currently taking virtual classes, you still need to be aware of campus fundraising opportunities for undergraduates.  See attached below and read carefully to apply 

xxxxxxx xxxxxxxx  

Director of Emergency Operations

---End of Email---

How we know it's phishing.

  1.  The email contains an attached document, be cautious when clicking on any document sent in an email.
  2. The email does not contain an official CSUN email signature.
  3. The email contains grammatical errors.

---Start of Email---

From: xxxxxxxxx, xxxxxxxxx<xxxxxxx.xxxxxxxxx @csun.edu>
Date: Wednesday, January 27, 2021
Subject: Extra credit resubmission
To: 

Phishing email example.

Dear Matadors,

Happy New Year, and welcome to the Spring semester! We hope you all had a great winter break ad feel re-energized for the new semester. 

Are you interested in the on-going program for all undergraduates?

Tasks and hours are flexible and duties are telecommuted with a weekly pay of $500

To apply, click the submit button below and send "Yes I am interested" and your cell phone number for further proceedings.

Regards, 

Apply Now (Link has been disabled) 

---End of Email---

How we know it's phishing.

  1. The email is a picture. CSUN will not email pictures that contain text.
  2.  This email contains grammatical errors.
  3. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
  4. The email signature does meet the requirements for a CSUN signature.

---Start of email---

From: xxxx xxxx < >
Date: Mon, Jan 25, 2021 at 7:50 PM
Subject: ⏳Work Order RM-2021⏳
To:

Phishing email example.

Dear Selected Student,

As a professor, I get the request to write internship recommendation letters on a very regular basis. But I felt compelled to write this letter to you in regards to my search for a Personal assistant who can run errands for me and get paid $500 weekly.

Job Details 

  1. a. Reply E-mails 
  2. b. make purchases 
  3. Mailing letters 

Please not that you will be working in your spare time. I strongly urge you to apply if interested by texting your Full name, Address, mobile, Email (alternate email different form your educational email) to (747) 212- 6473 and more information about these tasks, payments, and employee benefits will be shared with you before proceedings take place

Sincerely yours,

Michael Hendricks Ph.D

---End of Email---

How we know it's phishing.

  1.  The email used to send this email is not a CSUN email. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
  2. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
  3. CSUN will never ask for another email besides your CSUN email.
  4. The email contains an attached document, be cautious when clicking on any document sent in an email.

---Start of Email---

From: xxxxx xxxxxxx < >
Date: Wed, Jan 20, 2021, 10:54
Subject: Account De-activation Message
To: < >

Phishing email example.

Your university account has been filed under the list of accounts set for deactivation due to the retirement/graduation of the concerned account holder. But the record shows you are still active in service and so advised to terminate this request give us reasons to deactivate your university account. 

I'm still active in the university:

Visit here (Link has been deactivated) to participate and cancel this deactivation request 

Am set for retirement/graduation:

No action is required (the request will be processed).

Note: Accounts filed for deactivation has submitted and will be processed within 24hr.

Instructor, 

Notification Systems

Information technology service. 

---End of Email---

How we know it's phishing.

  1. The email does not contain an official CSUN email signature.
  2. The email contains grammatical errors.
  3. The link in the email leads to an unknown website. A simple way to know where the link will take you is to hover over the link the real website should reveal itself.
  4. The email used to send this email is not a CSUN email. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.    

---Start of Email---

From: xx xxx <xxxxxx @csustan.edu>
Sent: Sunday, January 10, 2021 11:23 AM
To: xxxxxxx, xxxxxx x <xxxxxxx. xxxxxxx @csun.edu>
Subject: 1/10/2021

Example of a phishing email.

It is to inform you that on the basics of your education and other skills the school has decided to give you an appointment. I am pleased to inform you about your selection for the post intern to work as an assistant with Professor Huy Qas doing telework for $500/wk. All the terms and conditions with other benefits will be given to you upon application and employment agreement. Apply by textung your Full Name Physical Address, Best Contact, Number & Alternate Email (different from school email) to (479) 888-0247.

---End of Email---

How we know it's phishing.

  1. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
  2. Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
  3. CSUN will NEVER ask for your password or your personal information such as SSN and bank accounts. Beware of phishing scams that look like employment or internships offers.
  4. The email does not contain an official CSUN email signature.
  5. The email contains grammatical errors.

 ---Start of Email---

From: xxxxxx, xxxxxxxx< >

Date: Mon, Jan 4, 2021 at 7:18 PM
Subject: CSUN update on case file
To:

Phishing email example.

To the Campus Community,

I hope you al were able to safely enjoy the recent winter break and are recharged for the upcoming spring semester. We enter 2021 as we closed 2020 - faced with continued surging COVID-19 cases across the region but buoyed by the promise of vaccines to help us turn this tide together. 

There is an on-going telecommute program for all undergraduates. 

Duties are telecommuting and tasks can be completed at your own convince. You will only be working two hours a day, three times a week for Five hundred dollars weekly.

If you are interested in knowing more about the offer. Click the button below and send "Yes I am interested", and your cell phone. 

---End of Email---

How we know it's phishing.

  1. The email is a picture. CSUN will not email pictures that contain text.
  2. This email contains grammatical errors.
  3. Oddly phrased subject line. A formal CSUN email will contain a subject line related to the email being sent.
  4. The email does not contain an official CSUN email signature.

Examples from previous years can be found below: 

Phishing Examples 2020

Phishing Examples 2019

Phishing Examples 2018

Phishing Examples 2017

Phishing Examples 2016

Phishing Examples 2015

Phishing Examples 2014