Email Phishing Attacks
It’s clear that we are experiencing a persistent and focused email phishing attack. If the past few weeks are any indication, we can expect to see more of these and they are getting more sophisticated. The most recent ones appear to come from our Helpdesk and they use our campus graphics. It is only a matter of time before they start using our names. Don’t be fooled.
We are working with our spam filter vendor to try to improve their ability to detect and block these; but meanwhile please do not, no matter how urgent it appears, fill out a form or go to a website to “update your credentials” or “increase your quota,” confirm or deny your presence in Peru, or address whatever situation they are emailing you about.
The campus will never ask you to provide your username and password in email or in a web form – except for the periodic campus password update. We will be making some changes to that password change notice in order to help you be able to determine its authenticity.
If you get one of these phishing messages, you have a few of options:
- If it came in within the hour, forward it (preferably as an attachment) to firstname.lastname@example.org. If it is more than an hour old, likely someone else has already reported it.
- If you are on campus or using Outlook, you can submit it directly to the spam filter. This helps them identify future versions of phishing and may help them block messages. There are instructions here: http://www.csusm.edu/iits/security/phishing/reporting.html
- If you are at home, or using Outlook Web Access or another email system, you can submit it to the spam services by right clicking the message in your inbox and choosing “forward as attachment.” Send it to email@example.com. Then delete it!
- If you are not certain if something is a phishing message or not, ask by contacting firstname.lastname@example.org or email@example.com.
Instructional & Information Technology Services (IITS)