
Week 2 - Fight The Phish

Phishing is a common form of malware attackers use in order to retrieve your personal information; however, there are preventative measures you can take to minimize the risk of being phished. Phishing can be presented in various ways, including websites and emails. Most often an attacker will send an email with a link to a “legitimate website.” If you hover over the URL, you will be able to identify whether the email is legitimate. In most cases the legitimate website will have its company name in the URL; if the URL does not include the company name or looks suspicious (e.g., misspelled words), avoid entering any personal information. In most cases these websites are not legitimate and will redirect you to a specially crafted website where they will ask you for your personal information. Being aware of the techniques used to phish is essential to keeping you protected and safe.

Below are some tips to prevent you from falling victim to a phishing scam.

Keep Informed About Phishing

Being aware of the possible phishing scams can help reduce the risk of being phished. CSUN regularly updates its Phishing Examples page to show upcoming and current phishing attempts. Below you will find a few different types of phishing and how they are used.

  • Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key. Visit the Ransomware page for more information.
  • Spear phishing is another form of phishing that targets specific people: threat actors target organizations and companies in an attempt to retrieve sensitive information. Threat actors have used social engineering as their main tool to get the user to allow them to view sensitive information. For more information, visit Spear Phishing.

Please visit CSUN's Phishing Examples page to view and stay up to date with the latest phishing attempts.

Characteristics of a Phishing Email

It can be very tricky to identify a phishing scam, but here are some common traits:  

  • Asks for sensitive information (e.g. click here to verify your username and password)
  • Asks you to download something (e.g. click here to get the necessary virus update file)
  • Contains spelling and/or grammatical errors (e.g., thank you, from trusted administrator)
  • Threatens you (e.g. do this or else your account will be deleted)
  • Contains suspicious web addresses/URLs (e.g. visit the CSUN page by visiting: http:// www. csunorg31.com/account)
  • Contains unexpected/inaccurate content (e.g. you've exceeded your email quota)
  • Is generically addressed (e.g. dear CSUN customer)
  • Expresses urgency (e.g. you must click here immediately to avoid having your account terminated)


Before You Click

Before you decide to click on any links, be sure to hover over the desired link to verify the website you are being redirected to. Do not click on links sent in suspicious emails or instant messages, as they may appear legitimate but may actually be malicious. When in doubt, go directly to the desired website rather than clicking on a link.
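
The hover check described above can also be run over a message body automatically. The following is an added example, not part of the original CSUN page: it assumes csun.edu is the trusted domain, and the names SAMPLE, LinkCollector, host_of, is_trusted and audit_links are hypothetical. It goes one step beyond the text by matching the host against the trusted domain exactly, because a lookalike such as csunorg31.com still contains the organization's name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"csun.edu"}  # assumption: the real domain is not stated on the page
# Constructed sample body; csunorg31.com is the page's own suspicious example.
SAMPLE = """<a href="http://www.csunorg31.com/account">https://www.csun.edu/account</a>
<a href="https://www.csun.edu/it">IT help</a>
<a href="http://csun.edu.example.net/login">Login here</a>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' when it cannot be parsed."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def is_trusted(host):
    """Exact trusted domain or a subdomain of it; containing the name is not enough."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def audit_links(html):
    """(href, reasons) per suspect link: untrusted host, or URL-like text naming another host."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        host = host_of(href)
        reasons = [] if is_trusted(host) else ["untrusted-host"]
        is_url_text = "." in text and " " not in text
        shown = host_of(text if "://" in text else "//" + text) if is_url_text else ""
        if shown and shown != host:
            reasons.append("text-href-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling audit_links(SAMPLE) flags the first and third links and leaves the genuine csun.edu link alone.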

Check Your Online Accounts Regularly

Make sure to check all your accounts for any malicious activity. A good habit to keep in mind is to regularly change your passwords for all of your accounts. Do not use the same password for all accounts. To prevent bank phishing be sure to regularly check your statements. If you see purchases that were not made by you, contact your bank immediately.

Never Give Out Personal Information 

As a general rule, you should never give out any personally identifiable information to any source you do not trust. Some phishing pages will redirect you to a specifically crafted webpage where they will ask you for information. If you click on the URL, you may be able to tell if the website is legitimate; most often companies will have their name in the URL. Be wary of any email asking for any personal information. Before sending any information, make sure the email is legitimate by making sure it is not coming from a malicious email address.



Follow along each week of October as we give tips to help keep your online life safe and secure. Share your appreciation for NCSAM with #BeCyberSmart and #CyberAware.
