
Phishing Examples

Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity or both. 

Scammers also use phishing emails to get access to your computer or network; they then install programs like ransomware that can lock you out of important files on your computer.

This page provides examples of the phishing emails received by the campus community at large. Each example includes the actual text used to lure the user into a false sense of security and points out why the email is suspicious. Please use these examples to educate yourself on what to look for so that you do not become a victim. 


Evidence of Payment

Reported: May 11, 2018

Email:

Date: Friday, May 11, 2018 
Subject: Evidence of payment (1)

Hi there, (2)

Your payment has been processed since Friday of last week. 
For any complains and dispute on the future payments, please let me know on time. (3)
Please download and keep for your record (5) (6)
Kindly let me know if you are unable to download your statement. (4)

View File Link (disabled) (7)

Happy Dropboxing!

  1. Notice how vague and unprofessional the ‘subject’ and ‘from’ sections are; authentic communications would be more specific as to why they are contacting you, especially given that this is from Dropbox. 
  2. Notice the greeting, ‘Hi there’. Most professional emails will address you formally. 
  3. This email contains grammatical errors. 
  4. Additionally, there is no mention as to what the payment was specifically for. The email also uses first person (let ‘me’ know).
  5. The third sentence has no period. Most professional ‘canned’ responses are spell checked and grammar checked first. 
  6. Very rarely will alert emails ask you to download something. The majority of the time, it will ask you to go to the actual site to fix whatever needs to be changed.
  7. This email included a link. Hover your cursor over links to verify its destination. If it looks suspicious, do not click on it. 


Don't Let Your Account Be Deleted

Reported: May 10, 2018

Email:

Date: Thursday May 10, 2018 
Subject: Don't let your account be deleted (1)

Your password was entered incorrectly more than three times. (2)

Your account is currently frozen. You still have 24 hours until your %E-mail_address account will be deleted. 
You can prevent this by unfreezing your account. 

Please click here to unfreeze your account. (disabled). (3)

This is an automated message. 

Please do not reply to this email. 

Regards, 
Office365 Team (4)

  1. The subject header of this email is vague. It is also unprofessional and unlikely to be the subject header for an official CSUN email.
  2. If the punishment for a certain action (inputting an incorrect password) seems excessive, it’s most likely just an email attempting to scare you into doing something.
  3. Be wary of links if you don’t know where they’re going to. 
  4. No contact information is provided. This is very suspicious. 


Important Notice

Reported: March 22, 2018

Email:

Date: Thursday, March 22, 2018 6:17 AM
Subject: Important Notice. (1)

This is a final notification to all Students, Staffs of  California State University, Northridge that we are validating active accounts.Failure to do this within 24 hours, your account will be disabled (2) (3)

Validate Email Account (URL has been removed) (3)

Sincerely

IT Help Desk
Office of Information Technology
California State University, Northridge (5)

This one is potentially more dangerous considering how specific it is.

  1. The first red flag is the vague subject header. 
  2. The second easily noticeable red flag is the idea that this is the “final” notification. If this email were legitimate, you would have already received previous communications before this "final" notification. 
  3. This email includes some grammatical errors and misspellings. 
  4. At CSUN, we do not ask users to validate accounts. The wording used here is not in line with common terminology used on campus. 
  5. Official CSUN emails include a contact number or some other way of gathering information about any official procedure. Someone attempting to phish information out of you will often leave the contact information out. 


Important Document! Undisclosed Upcoming Schedule & Events

Reported: March 19, 2018

Email:

Date: March 19, 2018 at 8:21:01 PM PDT
Subject: Important Document! Undisclosed Upcoming Schedule & Events (1)

Hi, (2)

Sign-in using your email to view document. (3)

XXX invited you to view this "Document" on Dropbox.

View Document (disabled) (4)

Enjoy! 

The Dropbox team

  1. This subject heading is extremely vague. Dropbox doesn’t necessarily know if the document being sent to you is important or not, unless the person sending it to you specifies that it is.
  2. The greeting is unprofessional. Considering that this is an important document, an informal greeting is a red flag.
  3. If it WAS important, the individual messaging you would probably state the reason for the email upfront.  
  4. The link that they’re giving you is hidden, which is not necessarily malicious, but is something to be aware of. If you hover your cursor over the link, it will reveal where it will direct you. If it is not an official site, do not click on it. 


Update Notice

Reported: February 16, 2018

Email:

Date: Friday, February 16, 2018, 6:41 PM
Subject: Update Notice (1)

ATTENTION!

We recently update our Mail Server security for your protection. All students & staffs are required to update their mail box to enjoy the new security features. Failure to update within 72 hours will result to mail blocked. (2)

Update My E-mail (link has been removed) (3)

Sincerely,

CSUN Mail Security Team (4)

  1. The subject header does not say anything about the reason for the email. This should raise a red flag. 
  2. There are numerous spelling and grammatical errors throughout the email. 
  3. A link was included. Notice that there are no instructions for you to follow that would allow you to bypass using the link. Additionally, you can hover over the link with your cursor to see if it’s a legitimate URL.
  4. Notice that there is no contact information included in this email. 


You Received a PDF File

Reported: February 5, 2018

Email:

Date: February 5, 2018 at 9:34:45 AM PST
Subject: You received a PDF File (1)

DocuSign

                    You received a PDF File via DocuSign

Your PDF File is ready for review and needs your signature. Signing will not be completed until you have reviewed the agreement and confirm your signature. Please view your document by clicking on REVIEW below.

                                     REVIEW (link removed) (2)

Powered By Google.

  1. When files are emailed to you, the service used to send the email will specify who it came from. The fact that this information is not included is suspicious. 
  2. As with all emails, please use the actual DocuSign application. Hidden links are potentially and frequently malicious.


re: won

Reported: December 20, 2017

Email: 

Date: December 20, 2017
Subject: Re: won! (1)

[Lotto 649 email will ask you to open the attachment and click on the link. Do NOT open the attachment or click on any links.] (2) (3)

Mr. Rex Bauer
(Group Coordinator)
Promotion Management, 
Lotto 6/49 2017 Services. (4)

  1. The subject header is extremely vague.
  2. The part in brackets is an attachment and a link which was removed to prevent anyone from clicking it. Do not open attachments or links from unknown sources.
  3. The body of the message mentions "Lotto 649" which is not related to CSUN business in any way. The inclusion of such a topic makes this a suspicious email.
  4. The email does not provide information to contact the company regarding this message. It includes the company name, but does not provide a phone number or a contact email.


Your Post University Statement is Ready to View

Reported: December 5, 2017

Email: 

Date: December 5, 2017
Subject: Your Post University Statement is ready to view

Dear student or authorized user,

Your monthly Post University statement has just been posted to your Online Student Account. (1) To review your statement or make a required payment, please log in to <link removed> (2) and enter your Username (Login ID) and Password.  Even if you do not have a payment due at this time, it’s a good idea to log in and review your statement each month.

If you would like to provide a parent or another authorized person access to your account and have not already done so, please go to <link removed>, enter your username and password, and then choose Add Parent/Authorized Pay or.

Once a parent or other authorized pay or has been added to your account, this person may view your statement and/or make a payment at <link removed> using the log in information provided.

For a list of Frequently Asked Questions (FAQs) and other information about your billing statement and online student account, please visit the Office of Student Finance section of the University website.

Thank you,
Office of Student Finance
Post University (3)

This is a pretty good phishing attempt.

  1. The first red flag is the lack of campus-specific terminology such as the "myNorthridge portal" or "CSUN account". 
  2. Hover over links with your cursor to see where the links will take you. Never click on a link unless you know its source. 
  3. The lack of contact information at the end of this email raises a red flag. 


FW: [ATTENTION REQUIRED]

Reported: October 26, 2017

Email:

Subject: [ATTENTION REQUIRED] (1)

NOTE: It is fundamentally Urgent that all staffs read attached.

The email includes an attached PDF which says it's a secure online document and sends users to a custom campus-branded login URL to access MS PDF reader. (2) After you hand over your keys, it apparently allows the now-phished user to download a legitimate PDF about ethics. (3)

  1. The subject header is in all caps to scare you into reading and opening the attachment which could potentially be harmful. 
  2. This email is smart in that it eventually leads to a real PDF. Be careful when emails give vague instructions.
  3. This email lacks contact information. A CSUN email would include contact information. 


RE: IT - SERVICE PASSWORD UPDATE !

Reported: August 27, 2017

Email:

Date: Sunday, August 27, 2017 10:28 PM
Subject: RE: IT-SERVICE PASSW0RD UPDATE ! (1)

Your Pass-word will expire in 2 days. to keep your pass-word. CLICKHERE (link has been removed) (2) (3) (4)

©Technical Support (5)

----------------------------------------------------------------------

This electronic transmission may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, please notify me immediately as use of this information is strictly prohibited.

  1. Official emails will never include a subject line that is in all caps. 
  2. The odd use of the word "pass-word" is a red flag. 
  3. General misspellings, grammatical errors and typos show either poor English use or a lack of care from the other party. Either way, the validity of the email should be questioned. 
  4. A hidden, embedded link, in all caps, that doesn’t explain what it does, is always a red flag.
  5. Official contact information from the school is omitted. A CSUN email would include contact information. 


CSUN Policy Infringement

Reported: August 27, 2017

Email:

Date: August 27, 2017 at 6:43:28 PM PDT
Subject: CSUN policy infringement

Your CSUN email account has been reported for an infringement which violate (1)

Federal law and CSUN policy. If this might have been an error,kindly click on 

the link and verify your identity. (link has been removed and altered) (2)

Thanks,

CSUN Web Team (3)

  1. General grammatical errors show that it’s unprofessional and probably fake.
  2. Hidden or embedded links should be hovered over with your cursor to see where they direct you before proceeding. 
  3. Contact information is omitted to prevent you from asking for confirmation. A CSUN email would include contact information should you have a question.


The New Outlook Web App for Staff and Students

Reported: February 22, 2017

Email:

Date: Thursday, February 23, 2017 12:33 PM
Subject: The new Outlook Web app for Staff/Student

The new Outlook Web app for Staff/Student is the new home for online self-service and information. (1)

Click on Log on and login to:

  • access the new staff directory
  • access your pay slips and P60s (2)
  • update your ID photo
  • look up student records using the contact search facility

use our quick links at the bottom of each page to help you find relevant tools and information (3) (4)

  1. Assuming that we are moving to a new platform, it wouldn’t happen over just one email. Most likely, you would be notified beforehand about eventually moving to a new service.
  2. This email includes some typos and grammatical errors. 
  3. Official CSUN emails usually include official contact information at the bottom of the email. 
  4. Be wary anytime you are asked to click on a link to confirm and/or verify information.


Important Announcement 

Reported: February 20, 2017

Email:

Date: Monday, February 20, 2017 at 8:19 AM
Subject: Important Announcement (1)

A meeting has been scheduled, (2)

Click here to view details (link has been removed) (3)
 
Thank you
California State University

  1. The subject header is very vague. At the very least, CSUN will inform you as to the main point of the email being sent out.
  2. The body of the message indicates that a meeting has been scheduled. At CSUN, you would have received a meeting request via Outlook and would not be asked to open an attachment for details. 
  3. Be wary of links in emails. Hover over them to see where they go before clicking on them. 


Tax Statement

Reported: January 19, 2017

Email:

Date: Thursday, January 19, 2017 9:07 AM
Subject: Tax statement. (1)

(Name Removed),

I need you to send me all the copies of employees wages and tax statement for 2016, I need them in PDF send as attachment. Kindly prepare the lists and email them to me ASAP (2)

Regards.

Sent from my iPhone (3)

  1. The subject header is vague and suspicious. 
  2. Be wary of anyone asking for this level of information over email. Typically, this is something best requested in person or through a phone call.
  3. It's also apparently sent from an iPhone. Although some business is conducted by phone, a request of this nature would not be sent from an iPhone. 


Mailbox Helpdesk

Reported: May 14, 2016

Email:

Date: Saturday, May 14, 2016 5:23 AM
Subject: Mailbox Helpdesk

Dear Staff(s). (1)

New security updates need to be performed on our servers,due to the rate of phishing. Please CLICK HERE (link has been removed) (1) and sign in to the IT Help server for maintenance and update of your mailbox.

If your mailbox is not updated soon, Your account will be inactive and cannot send or receive messages. (3)

On behalf of the IT department, this IT Alert Notification was brought to you by the Help Desk Department. This is a group email account and its been monitored 24/7, therefore, please do not ignore this notification, because its very compulsory.

Sincerely,

IT Department (2)

©2016 Microsoft outlook. All rights reserved. (4)

  1. It's ironic that an email about phishing could be used for phishing. Note the lack of a personal greeting. Also note that the user is immediately asked to CLICK HERE before anything has really been explained. 
  2. The email is signed by the "IT Department", which is very vague; it is not from the IT Help Center and includes no contact information.
  3. The finality of the email should raise some suspicion. Most of our email campaigns will have multiple emails leading up to the “final” notification.
  4. In the signature line, the "outlook" portion of Microsoft Outlook is not capitalized. This is a red flag. 


CSUN Terror Alert

Reported: May 30, 2015

Email:

Date: May 30, 2015 2:52 AM
Subject: CSUN Terror Alert (1)

This is to notify you that the California State University received a
terror threat through your email directly to the University.The (IT)
Policy Help Center (3) STRICTLY require your email account verified and (2)
clear you from sending terror threats at the University with the email
system of the University and for an active affiliation with cyber
technology services.

The satellite system network does not show 2015 active uiversity data for
you at this time. You are required to provide the following
information in response to this email for activation and proper
verification and scrutiny:

Username: (4)
Password: (4)

Your email account is scheduled to be deactivated within 24 hours "Non
Compliance "After that time, you will not be able to access your
mail box. Emails sent to your mailbox will be rejected.

CSUN
© California State University, Northridge
18111 Nordhoff Street, Northridge, CA 91330

  1. Vague warnings always raise red flags when it comes to phishing.
  2. General grammatical errors or strange phrasing should alert you to the possibility that the request is not valid. 
  3. This email includes a service and department that does not exist at CSUN. 
  4. CSUN will never ask you for your CSUN username or password. 


Your Staples Order Has Shipped for (Name Removed)

Reported: May 21, 2015

Email:

Date: Thursday, May 21, 2015
Subject: Your Staples order has shipped for <name removed> (1)

The following items from your order have shipped. Won't be there to sign for your order? (2) Print our Driver Release form. If you are expecting additional items, you will receive a separate email when those items have shipped. Order: 2cc7e8 Order Date: May 18, 2015 Order Total: $23.88 TRACK ORDER Shipment 1 Expected delivery: May 29, 2015

Item No. Name Qty. FEL-3604101 Fellowes Powershred Clear Plastic Shredder Bag 50 gal 42 12 Dia 50H x 42 12W x 22D 1 If you have any questions about your order, please visit our Help Center. Need to make a return? No problem. Visit our Return Center. Free Shipping Rewards members receive free shipping every day. Oversize and Add-on Items excluded. Free Returns Not 100% satisfied? Return items easily online. Price Match Guarantee Pay the lowest price every time you shop. We'll match any competitor with an online and retail store. (3)

  1. Consider whether or not you've actually ordered anything recently. If so, contact Staples directly to inquire about the order.
  2. The general flow of the email is off. The party attempting to phish is asking a lot of hypothetical questions which is suspicious. 
  3. There is a general lack of punctuation. 


California Educator Preferred 

Reported: February 13, 2015

Email:

Date: Friday, February 13, 2015
Subject: California Educator Preferred (1)

NO LENDER CLOSING COST MORTGAGES for CALIFORNIA EDUCATORS and ALL SCHOOL EMPLOYEES --- FLYER and AVAILABLE PROGRAMS and TESTIMONIALS ATTACHED (removed)

****THIS PROGRAM IS AVAILABLE AT THIS BRANCH ONLY -- CALL TODAY FOR DETAILS -- 484-754-XXXX (number removed) (2)

**If you have a family member who is purchasing or refinancing a home, they are also eligible for this program as long as they mention your name and your email (2)

***Feel free to forward this to anyone in the education industry. This program is available throughout PA, NJ, FL, DE, MA, CA

Hello, 

I thought your faculty would like to know that our company, Annie Mac Home Mortgage, has a special Mortgage offer for Educators and School employees. 

We are a direct lender with our headquarters located in Mount Laurel, NJ. 

With our Educator Preferred Home Mortgage promotion, we waive all bank fees associated with your mortgage refinance or purchase, ***Offer good on primary home, vacation home and investment properties. 

  1. This email resembles a promotional email and sounds legit because it seems to be addressing the education sector. However, note that there is no formal greeting. This is immediately suspicious.  
  2. This email possesses a sense of urgency trying to get the user to act immediately and even asks that it be forwarded to those in the education industry. The information itself is included in an attachment which is very suspicious. Do not open attachments unless you are very familiar with the source. Do not forward emails to your colleagues if there is any doubt as to their validity.


cb

Reported: January 14, 2015

Email:

Date: Wednesday, January 14, 2015
Subject: cb: (1)

http:(link has been removed) (2)

  1. Surprisingly, these minimalist emails can be just as disruptive due to appealing to your curiosity. The subject line of the email is not something recognizable. 
  2. As always, attempt to hover over links before clicking on them (if you must open them). Doing so will allow you to know where the link is attempting to direct you to.


NEW CSUN FACULTY & STAFF DISCOUNT - 14/11/2014

Reported: November 14, 2014

Date: Friday, November 14, 2014
Subject: NEW CSUN FACULTY & STAFF DISCOUNT - 14/11/2014 (1)

Good Morning, (2)

As you may know a tentative agreement with California State University management was reached late night Thursday. 
After months of hard work the California Faculty Association feels this agreement has many positive gains for the hard working faculty, librarians, counselors, and coaches in the system. (3)
After years of stagnation, this contract will enhance our working conditions and salary with relief coming soon!
The following link is to the notice of agreement sent Thursday to Discount Allocated members-

https (link has been removed) (4)

Click Here To Read (link has been removed) (4)

More information about the contract will be available soon with statewide officers and bargaining team members visiting the campuses to explain all aspects of the contract. Then a ratification vote will take place.

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. 

You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

  1. This email subject header is trying to force you to read it by capitalizing its entire subject header. The date format is not typical for this region. This should immediately make you suspicious.
  2. The email is not specifically meant for you in any way. If you can check the cc list, see how many people this was actually sent to. Generic greetings are usually red flags.
  3. While the email pretends to be an important one, it does not give any details about the apparent “months-long hard work” that has been going on. Lack of detail can be a red flag.
  4. A hidden link may be a red flag. The page may lead to a fake authentication page, so be aware! You will be asked to input your CSUN credentials into a fake authentication page, which redirects to the real one after you press enter. This will make you think that you simply entered in your password incorrectly.


Important Salary Notification

Reported: November 12, 2014

Email:

Date: Wednesday, November 12, 2014
Subject: Important Salary Notification (1)

As part of <institution name> standard practice to offer salary increases once a year after an annual review, the Human Resources reviewed you for a salary raise on your next paycheck (2)

Click below to confirm and access your salary revision documents: (3)

Click Here to access the documents (link has been removed) (3)

Sincerely,
Human Resources (4)

  1. The generic subject line should raise some concern. 
  2. If you have worked at CSUN for a certain amount of time without ever hearing about this practice, you should consider this email suspicious. 
  3. As before, be wary of clicking on any sort of link you are unfamiliar with.
  4. Note that any sort of contact information is omitted. This is usually a red flag.


Your CSUN Email Account Has Been Restricted

Reported: November 12, 2014

Email:

Date: Wednesday, November 12, 2014
Subject: Your CSUN Email Account has been Restricted. (1)

Your Csun Email Account has been Re-set OR Restricted , (1)
For Security reasons.Please Click on the link below to Re-active. (2)

http://outlook.xxxx/mycsunemail.onmicrosoft.com/account-activation (link has been removed) (3)

Thank you,
IT Help Desk

2014© CSU Northridge, All Rights Reserved. 

  1. This email uses scare tactics to get you to open . 
  2. The lack of proper punctuation should tip you off as suspicious. 
  3. The instruction to take quick action points to a link that is not familiar.


IT Service Desk - Your CSUN Email Account Authentication has been Restricted.

Reported: October 23, 2014

Email:

Date: Thursday, October 23, 2014
Subject: IT Service Desk - Your CSUN Email Account Authentication has been Restricted.

Dear CSUN Users:

Due to the excess complain we get everyday from our CSUN account users (1)
 
We are upgrading our CSUN account database and we are providing a security system to prevent all CSUN account users from spammers Threats.

Your account safety is our top priority. Due to our recent IP routine check; 

we have reasons to believe that your account has been violated for security reasons.

- Please we have created a new publishing mail filter security alert system for all web mail user. 

- You are hereby instructed to Authenticate your account to prevent any third party access. (2)

- To Authenticate your account for upgrade Please click on the Authentication link IT SERVICE. (2)

- Failure to authenticate, your account will be deactivated. (2)

Click Here To Authenticate (link has been removed) (2) (3)

Regards, 
(name has been removed)
Department of Electrical and Computer Engineering (4)
California State University Northridge
18111 Nordhoff Street
Northridge, CA 91330-8346
© 2014 California State University, Northridge

  1. Immediately noticeable is that the email has very poor grammar and typos (complain instead of complaints). 
  2. The instructions provide a call to action with an aggressive consequence if you don’t fulfill it. This is suspicious. 
  3. As with all previous emails, when viewing a link, you should hover your cursor over it to see where it actually goes.
  4. This email states it was sent from the IT Service Desk, however, the bottom of the email states contact information for the Department of Electrical and Computer Engineering. The fact that this is not consistent makes this email suspicious. 


Restricted

Reported: October 23, 2014

Email:

Date: Thursday, October 23, 2014
Subject: IT Service Desk - Your CSUN Email Account Authentication has been Restricted. (1)

Dear CSUN Users:

Due to the excess complain we get everyday from our CSUN account users
 
We are upgrading our CSUN account database and we are providing a security system to prevent all CSUN account users from spammers Threats.

Your account safety is our top priority. Due to our recent IP routine check; 

we have reasons to believe that your account has been violated for security reasons.

- Please we have created a new publishing mail filter security alert system for all web mail user. 

- You are hereby instructed to Authenticate your account to prevent any third party access. (2)

- To Authenticate your account for upgrade Please click on the Authentication link IT SERVICE. (2)

- Failure to authenticate, your account will be deactivated. 

Click Here To Authenticate (link has been removed) (2)

Regards, 
(name has been removed)
Department of Electrical and Computer Engineering
California State University Northridge
18111 Nordhoff Street
Northridge, CA 91330-8346
© 2014 California State University, Northridge

  1. You can see from the previous example that the body of this email is the same but the subject line is different even though it was sent on the same day. Phishing attempts will often reuse wording and include subtle differences such as a different subject line or greeting to make it appear legit. If you receive two emails with very similar content but different subject lines, this is an immediate red flag. 
  2. This email asks the user to "authenticate" their account many times. This is not something CSUN would ask you to do and the urgency of the requests is highly suspicious in nature. 


CSUN FACULTY & STAFF DISCOUNT

Reported: October 21, 2014

Email:

Date: Tuesday, October 21, 2014
Subject: CSUN FACULTY & STAFF DISCOUNT (1)

Good Morning,

You Have 1 New Message Regarding CSUN Faculty and Staff discount 

Tracking URL: https://techsupport.csun.edu/supportcasedt.jsp?ci=discount (link has been removed) (2)

Click Here To Read (link has been removed)

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons. (3)

  1. This one is a very good phishing email, or at least the body is. The subject header is in all capitals, which is a typical red flag.
  2. Emails from CSUN tech support always come with a case number and contact information. While the tracking URL is something we have used, please be advised that emails from CSUN Tech Support will also include a case number of some sort.
  3. This email is supposedly about faculty and staff discounts yet it includes a line about resetting your password. This is a red flag. 
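
The hover check recommended throughout this page can be automated for an HTML message body. The following is an added example, not part of the original page or any CSUN tooling: it compares each link's visible text with the host it really points to. The `TRUSTED` list and every address in `SAMPLE` are constructed assumptions, since the real links were removed from the examples.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("csun.edu",)  # assumption: domains treated as official for this check
URL_IN_TEXT = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)

# Constructed sample body modelled on the examples on this page.
SAMPLE = """
<p>Tracking URL: <a href="https://portal.example.net/login?ci=discount">https://techsupport.csun.edu/supportcasedt.jsp?ci=discount</a></p>
<p><a href="https://portal.example.net/login">Click Here To Read</a></p>
<p><a href="http://outlook.example.org/mycsunemail.onmicrosoft.com/account-activation">http://outlook.example.org/mycsunemail.onmicrosoft.com/account-activation</a></p>
<p><a href="https://csun.edu.example.net/reset">Forgot your password?</a></p>
<p>To reset your password, visit <a href="https://www.csun.edu/">www.csun.edu</a></p>
"""


def host_of(url):
    """Lower-cased hostname of a URL; accepts bare 'www.site.tld/...' text."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted(host, trusted=TRUSTED):
    """True only for a trusted domain itself or a real subdomain of it.

    A trusted name that merely appears at the start of the host or in the
    path (csun.edu.example.net, example.org/csun.edu/...) does not count.
    """
    return any(host == d or host.endswith("." + d) for d in trusted)


class _Anchors(HTMLParser):
    """Collects (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def audit_links(html, trusted=TRUSTED):
    """Return one finding per web link: what is shown versus where it goes."""
    parser = _Anchors()
    parser.feed(html)
    parser.close()
    findings = []
    for text, href in parser.links:
        if not re.match(r"https?://", href, re.I):
            continue  # mailto:, anchors and relative links are out of scope
        target = host_of(href)
        shown = URL_IN_TEXT.search(text)
        shown_host = host_of(shown.group(0)) if shown else ""
        if shown_host and shown_host != target:
            verdict = "text-url-mismatch"   # displays one site, opens another
        elif not is_trusted(target, trusted):
            verdict = "untrusted-host"      # hidden or honest link, unofficial site
        else:
            verdict = "ok"
        findings.append({"text": text, "target_host": target, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in audit_links(SAMPLE):
        print(f"{f['verdict']:18} {f['target_host']:24} {f['text'][:50]}")
```

A verdict of `ok` only means the link goes where it says and stays on a trusted domain; the other red flags described in these examples still apply.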


Unpaid Invoic (.pdf)

Reported: October 15, 2014

Email:

Date: October 15, 2014
Subject: Unpaid Invoic (2)

Email example noted in this .pdf alert sent by the National Cybersecurity and Communications Integration Center http://www.csun.edu/sites/default/files/unpaid-invoic-example-101514.pdf (.pdf) (1)

  1. What follows is a report about a phishing email sent out to multiple government agencies. The link to the PDF is a link to the report done by the National Cybersecurity and Communications Integration Center. The .pdf example below includes the actual wording from the email received. Review the document to see why this email was suspicious.
  2. Also note that the actual email's subject line of "Unpaid Invoic" is not spelled correctly. This is an immediate red flag. 


IT Help Center :- Good Morning

Reported: October 15, 2014

Email:

Date: Wednesday, October 15, 2014
Subject: IT Help Center :- Good Morning

Good Morning, (1)

CSUN email delivery to several CSUN faculty and staff mailboxes, including your mailbox, was temporarily disrupted yesterday, Tuesday, October 14 2014 between 4:00am and 9:45 am. (2) Consequently, messages sent to your CSUN email account between those hours may have been delivered to a sub-folder under your email account named "Sync Issues/Server Failures," instead of your Inbox. To view these messages, please follow the link included below. 

Tracking URL: https://techsupport.csun.edu/supportcasedt.jsp?ci=1unreadmessage (link has been removed)

Click Here To Read (link has been removed)

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

This email goes out of its way to seem legitimate. 

  1. This email is not addressed to you specifically. Generic greetings, while not a sure sign of a phishing attempt, are definitely reasons for suspicion. 
  2. This email is stating that something took place the previous day. If such an event did not take place then this should immediately raise a red flag. 
  3. This is something you can check. If you see the cc list in the email, or just see who it was sent to, see if it was sent to you specifically or if it was sent to a mailing list. You should still be suspicious even if it WAS sent to an official CSUN mailing list, but a discrepancy like this is something to watch out for.


Tech Support :-  [CASE #4298000]

Reported: October 14, 2014

Email:

Date: Tuesday, October 14, 2014
Subject: Tech Support :-  [CASE #4298000] (1)

Dear Member, (2)

You have a new request and your case number is 4298000. Your request has been submitted to our Support team and one of our staff members will process your request as soon as possible. 

Listed below are details of this case. 

Case: New 365 Update 
Case#: 4298000 (3)
Tracking URL: https://techsupport.csun.edu/supportcasedt.jsp?ci=349400&ck=4zBXVHG2 (link has been removed)

Click Here To Read

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

Regards,

IT Help Center.

California State University, Northridge ® . (4)
18111 Nordhoff Street, Northridge, CA 91330 

  1. Another email that seems to do a really good job at imitating tech support cases from CSUN. Ask yourself if such a case could actually exist.
  2. As before, be wary of emails that address you informally or generically. Typically speaking, emails from CSUN tech support will address you personally.
  3. It seems to very closely mimic the format typical of our case updates. If you are unfamiliar with a case being made in your name, do not hesitate to actually contact the IT Help Center with the case number given to you.
  4. The signature line of this email is not typical of what the campus would use. 


Avoid Fraudulent Email Messages

Reported: October 5, 2014

Email:

Date: Sunday, October 5, 2014
Subject: Avoid Fraudulent Email Messages

Dear Member, (1)

CSUN faculty and staff continue to be targeted by fraudulent email messages. We are taking actions to help reduce the effects of these "phishing" email attacks. As an example, CSUN implemented a solution that checks incoming email from off-campus accounts with web links with fraudulent characteristics. If the solution detects fraudulent characteristics, and the user clicks one of these links, they will be directed to a page indicating the website has been blocked. 

CSUN also implemented a solution that specializes in detecting and preventing incoming phishing attacks from non-CSUN email addresses has been implemented and now blocks approximately 60,000 fraudulent messages every month.

We have upgraded our CSUN account database and we are providing a security system to prevent all CSUN account users from spammers and hackers. (2)

Due to This All Faculty & Staff users are subject to a 365 Online Upgrade. 

Tracking URL: https://techsupport.csun.edu/verification.jsp?ci=349447&ck=4zBXVHG2 (link has been removed)

Click Here To Begin (link has been removed) (3)

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-627-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

  1. Be careful of any email that addresses you informally and vaguely. Additionally, incidents that affect the campus as a whole will typically also end up on the Current Service Interruptions page. If you have questions about an email, please contact the IT Help Center.
  2. Vague “upgrades” to the system should raise red flags. Upgrades happen all the time. They do not require you to validate your account.
  3. This email included a link that was removed in this example. Do not click on any links unless you can verify their source. 


Tech Support :- Case Number [CASE #4298431]

Reported: October 3, 2014

Email:

Date: Friday, October 3, 2014
Subject: Tech Support :- Case Number [CASE #4298431] (1)

You have a new request and your case number is 4298431. Your request has been submitted to our Support team and one of our staff members will process your request as soon as possible. (2)

Listed below are details of this case. 

Case: migration to Office 365 
Case#: 4298431 (3)
Tracking URL: https://techsupport.csun.edu/supportcasedt.jsp?ci=349447&ck=4zBXVHG2  (link has been removed). Click Here To Read (link has been removed).

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

  1. This is another email that seems to do a really good job at imitating tech support cases from CSUN. Ask yourself if such a case could actually exist.
  2. Be wary of emails that address you informally or generically. Typically speaking, emails from CSUN tech support will address you personally.
  3. It seems to very closely mimic the format typical of our case updates. If you are unfamiliar with a case being made in your name, do not hesitate to actually contact the IT Help Center with the case number given to you.


CSUN Technical Support

Reported: October 3, 2014

Email:

Date: Friday, October 3, 2014
Subject: CSUN Technical Support

You have a new request (1)
and your case number is 4298431. (1)

Click Here To view message. (link has been removed)

California State University, Northridge ®
18111 Nordhoff Street, Northridge.

  1. This email is extremely vague. With these sorts of emails, we recommend that you contact the IT Help Center with the case number provided to see if it is legitimate or not.


Your Email Account

Reported: October 2, 2014

Email:

Date: Thursday, October 2, 2014
Subject: Your Email Account

Attention CSUN Email User (1)

Your Incident ID is: 170329 

This is an automated message to notify you that our technical team detected an attempt to access your email account from an unrecognized device on Monday, October 1, 2014 22:33 PM BET. 

Location: Asia, Malaysia 
IP Address: 89.187.182.01 

Was this You? If yes kindly ignore this message. 
If this wasn't you , We recommend that you CLICK HERE (link has been removed) to fill in details and register your current IP address in our database, as this will improve security in your email account and also against any further spam or virus contained email sent to you. (2)

Sincerely,

CSUN Email Services, (3)
California State University,
18111 Nordhoff Street,
Northridge, CA 91330
Phone: (818) 677-1200
Email:    
[---001:000564:57449---]

  1. The manner used to address you is off. Typically speaking, CSUN emails will address you personally.
  2. Immediate calls to action in all caps tend to be there specifically to get your attention and force you to open a link. Try to hover over these to see where they go. If you doubt its validity, contact the IT Help Center with the ID you are given and they will help you determine if the email is valid. 
  3. The signature line of this email is not typical of what the campus would use. 


IT Help Center - Your CSUN Email Account Password Is About to Expire

Reported: September 29, 2014

Email:

Date: Monday, September 29, 2014
Subject: IT Help Center - Your CSUN Email Account Password is about to expire (1)

Dear Member, (2)

Your CSUN Email Account Password is about to expire.

Click on the link below to Validate Your Password (3)

http://outlook.com/owa/mycsunemail/account/password-Validation (link has been removed)

Please contact the IT Help Center or your local technical support staff. For answers to frequently asked questions, visit the or in person, Oviatt Library, Room 33..

Regards,

IT Help Center

California State University, Northridge ®
18111 Nordhoff Street, Northridge, CA 91330 

  1. This email header is familiar to all CSUN users. If the subject seems unfamiliar, compare it to previous versions of this email you may have received.
  2. The email addresses you vaguely. Typically speaking, official CSUN emails will refer to you personally.
  3. “Validating your password” is not a real action you can do. This should immediately raise a red flag. 


IT Help Desk - Your Email Account has been Temporarily Suspended :

Reported: September 28, 2014

Email:

Date: Sunday, September 28, 2014
Subject: IT Help Desk - Your Email Account has been Temporarily Suspended : (1)

There will be difficult challenges to Log-on into Your Csun Email Account, (2)
due to current upgrade on our Secured Server to all webmail user. (2)
Hence, Your CSUN account password have been Reset OR Changed. (2)

Please Click here - Validate Your Password (link has been removed)

Thank you,
IT Help Desk

© CSU Northridge, All Rights Reserved. 

  1. If you view an email like this from your CSUN email account, you can immediately dismiss the email as fraudulent because your account has not been suspended if you are using it to read the email. If viewing this email from a personal email account, you can dismiss this email quickly by logging in to your CSUN email account to see if it's still active. 
  2. The lack of proper grammar should make you feel a little suspicious. 


New Message

Reported: September 26, 2014

Email:

Date: Friday, September 26, 2014
Subject: New Message (1)

Dear Member, (2)

You Have 1 New Message

Click Here To Read (link has been removed) (3)

Regards,

IT Help Center

© 2014 California State University, Northridge
18111 Nordhoff Street, Northridge, CA 91330

  1. The message’s subject has no indication of an actual issue. Had there been an important specific issue, it would have given an indication as to what you needed to know.
  2. The greeting does not address you specifically. This is especially suspicious given that you are apparently receiving notifications about a message specially meant for you.
  3. The message indicates that you need to click on a link to view the message. It is recommended that you visit the actual application to view any messages that you may have. 


Some CSUN Webpages Unavailable – Portal and Webmail Access is Available

Reported: September 26, 2014

Email:

Date: Friday, September 26, 2014
Subject: Some CSUN webpages unavailable – Portal and Webmail access is available 

Hello (1)

Some university webpages are currently unavailable. 
Please monitor this web page for additional information and status updates. (2) (3)
We are working to resolve the issues as quickly as possible. 

Click here to confirm your access (link has been removed) (4)

Thank you,
IT Help Desk

  1. This email addresses you both informally and vaguely. Even if an email from campus officials does not address you specifically, it will still be formal.
  2. Technical outages are normally reported on the IT Current Service Interruptions page. If you receive an email that is reporting outages and asking you to click on a specific link for more info, make sure you double-check if the link is legit. 
  3. The email asks you to visit a link that lets you ‘monitor … for additional information and status updates’ but then states the link at the bottom is to ‘confirm your access’. Minor discrepancies are key to picking apart phishing emails.
  4. CSUN would not ask you to “confirm your access”.


Your CSUN Account Password is About to Expire

Reported: September 25, 2014

Email:

Date: Thursday, September 25, 2014
Subject: Your CSUN account password is about to expire.

Dear Member, (1)

Your CSUN account password Will Expire Today Thursday 25 September 2014

Click Here To Renew

www.csun.edu/account/password-renew (link has been removed) (2)

Please contact the IT Help Center or your local technical support staff. For answers to frequently asked questions, visit the or in person, Oviatt Library, Room 33..

Regards,

IT Help Center

California State University, Northridge ®
18111 Nordhoff Street, Northridge, CA 91330 

  1. Official CSUN emails will address you personally.
  2. The link currently being shown is a real csun.edu webpage, HOWEVER, if you feel suspicious about an email directing you somewhere, hover over the link to see where it goes. It is possible to have the text say it will go one place, when it actually is directing you somewhere else.


CSUN Faculty & Staff News

Reported: September 23, 2014

Email:

Date: Tuesday, September 23, 2014
Subject: CSUN Faculty & Staff News

You are receiving this email because you are listed as the owner of the CSUN email accounts that are about to be migrated to the new cloud-based email environment, Office 365 (2). In addition to providing a more stable email environment, Office 365 offers an enhanced interface for Webmail (2) users, especially for Mac users. This email outlines key information about the migration and its impact on this account. 

The migration for these email accounts to Office 365 will occur between Today Tuesday, September 23 and Friday, 27. (2) If there is a large amount of email in these account (1), the migration may complete after business hours; in that case, the accounts will be available by following the directions below. (1)
  
Prior to the migration, we recommend emptying the junk mail folder and any deleted items because this will help speed up the migration process.
 
How will you be impacted during the migration?

  • During the upgrade/migration, you will be able to send and receive email; however, there are some changes you will need to make after the email accounts are migrated.
  • If the account has voice mail, you may notice a delay in the delivery of voice mail messages to this email account; this will not impact accessing these messages through the campus phone system.

How will you be impacted after the migration?

  • You will need to use your full CSUN email addresses of these accounts to sign in; you do not have to change the password.
  • If you use Webmail, you will need to access Webmail using the new Faculty & Staff Migrated to Office 365 button, logging in to the email accounts with the full CSUN email address (as listed above), and then selecting the Outlook link in the top right corner. Note that the old CSUN Webmail button will no longer work after the accounts has been migrated.
  • If you use Outlook to access these email accounts, once the migrations are complete you may see a one-time pop-up asking you to quit and restart Outlook before it successfully connects to the new mailboxes.
  • If you access these CSUN email accounts from an email client other than Outlook (e.g. Apple Mail, Thunderbird) or a mobile device (e.g. smartphone, tablet) , you will need to reconfigure the server name settings using the directions on the web page, Accessing CSUN Email After the Upgrade.
  • You may experience temporary slowness immediately after these email accounts are migrated while it synchronizes with the new environment. However, if the email accounts remain slow for more than a day after it has been migrated, please contact the IT Help Center.

Click Here To Migrate (link has been removed) (3)

Where can I get help? 

Please contact the IT Help Center or your local technical support staff. For answers to frequently asked questions, visit the Faculty and Staff Email Upgrade page. (links have been removed) (4)

This phishing attempt is more elaborate than usual. The sender most likely copied some language directly from CSUN emails or policies.

  1. Some of the language is off. Though not necessarily something of concern, it should stir some suspicion. 
  2. This email actually references products used on campus but the user is given very little notice to act. This is typically a red flag. 
  3. The email asks you to click on a link to migrate your email, which has been removed in this example. In the actual email, the hovered-over link had a suspicious URL. Do not click on any links unless you can confirm the end result. 
  4. This email asks the user to contact the IT Help Center, a real department on campus, but points users to a suspicious page. 


FW: ACCOUNT UPDATE NOTICE

Reported: September 23, 2014

Email:

Date: Tuesday, September 23, 2014
Subject: FW: ACCOUNT UPDATE NOTICE (1)

Attachment titled WEBMAIL MAINTENANCE NOTICE.pdf (removed)

Engineering and Physical Sciences Research Council (EPSRC) - Pioneering research and skills

For pioneering science and engineering stories, download the EPSRC Growth App or visit the case studies page on our website.

_______________________________________________________________
This message has been scanned by the iCritical Email Security Service. For more information please visit http://www.icritical.com (link removed) (2)

  1. The email sent to you has a subject header that is sent in all caps. This is unprofessional and should alert you to this email potentially being a threat.
  2. Critical email security is not a service that actually exists. Typically speaking, a service that runs in the background to check emails or the like will not show end users (you) their scan results. This is generally suspicious. 


Your CSU, Northridge Account Password is About to Expire

Reported: September 22, 2014

Email:

Date: Monday, September 22, 2014
Subject: Your CSU, Northridge account password is about to expire.

Dear Member, (1)

Your CSUN account password Will Expire Today Monday 22 September 2014

Click Here To Renew (link has been removed) (2)

Please contact the IT Help Center or your local technical support staff. For answers to frequently asked questions, visit the or in person, Oviatt Library, Room 33..

Regards,

IT Help Center

California State University, Northridge ®
18111 Nordhoff Street, Northridge, CA 91330 

  1. The email addresses you informally and vaguely. If a CSUN email addresses you, it will either include your name or leave out the greeting altogether.
  2. Be very careful of clicking on links. Most email clients show you where the link goes when you hover over it. 


FW FYI: MAINTENANCE NOTICE

Reported: September 19, 2014

Email:

Date: Friday, September 19, 2014
Subject: FW FYI: MAINTENANCE NOTICE (1)

Attachment titled WEBMAIL MAINTENANCE NOTICE.pdf (removed) (1)

  1. The email is almost entirely in all caps. An official email from a professional company typically will take time to explain why they need you to look at this email, instead of getting your attention this way. Even advertisements only highlight specific portions of their email or subject header.


Account Verification Notice

Reported: September 18, 2014

Email:

Date: Thursday, September 18, 2014
Subject: Account Verification Notice

Dear User, (1)

Due to system error's Your webmail needs to be verified today. (2)

Verify Now (link has been removed) (3)

Regards,
CSUN

  1. Technical support emails in general will not address you simply as “user”.
  2. The only complete sentence in the email has typos and grammatical errors. This should immediately raise a red flag. 
  3. As always, be wary of any link that you do not know the end destination of.


IT Help Center :- New Message

Reported: September 17, 2014

Email:

Date: Wednesday, September 17, 2014
Subject: IT Help Center :- New Message

Dear Member, (1)

You Have 1 New Message (2)

Click Here To Read (link removed)

Regards,

IT Help Center

© 2014 California State University, Northridge
18111 Nordhoff Street, Northridge, CA 91330 

  1. “Member” is more appropriate for a gym trying to reach out to you about overdue membership fees. It is not a way that we at CSUN would refer to you in an email.
  2. Even if you did have a message, there would be some information as to who sent it and why, for the sake of authenticity.


<no subject> 

Reported: September 17, 2014

Email:

Date: Wednesday, September 17, 2014
Subject: <no subject> (1)

Can i discuss a transaction with you. 

wilson mak sen (2)

  1. This email was sent to our lists as shown to you. There was a link at one point, which has been removed. There is no subject header, which is contradictory to the reason for the email. A transaction is typically something important enough to warrant putting something in the subject for you to read.
  2. The signature line of the email is suspicious and not typical of a legitimate email. 
  3. If you are completely unsure who someone is, be wary of an email coming your way. This is also a good time to mention: even if the email claims to be from someone you know, it may be an attempt to get information from you by pretending to be someone important.


Verify Your Webmail Account Now

Reported: September 16, 2014

Email:

Date: Tuesday, September 16, 2014
Subject: Verify Your Webmail Account Now

This email is being sent to you because of violation security breach that was detected by our servers. (1) (2)
Our server detected that one of the messages you received from a contact has already infected your mail with a dangerous virus.

Please follow the link below to perform maintenance work needed to improve the protection of the email for us to verify and have your account
cleared against this virus.

http://www.csun.edu/maitenance/verification/ (link has been removed) (3)

thanks
CSUN
© California State University, Northridge 

  1. No formal greeting. 
  2. As a whole, the general tone of the email is unprofessional, and slightly off grammatically. 
  3. It’s doubtful CSUN would misspell “maintenance” on an official webpage's URL.
