WARNING – EMAIL PHISHING SCHEME MAY HAVE COMPROMISED CAMPUS EMAIL ACCOUNTS
Early this morning, the campus was hit with a fairly massive phishing attempt. The message has the following characteristics:
Body of the message looks similar to this example:
If you were to click on the “Click here…” link, you would be asked for your username
and password. It looks like the site is down now, but it may not remain down or they
may use a different site. Just don’t click, and delete the message.
If you received this email but did not click, please just delete it.
If you clicked and entered your username/password, you must immediately change your
password and enroll in self-service password reset through passwordreset.csusm.edu.
If you have already enrolled for self-service password reset, you should update your
security questions. (If the attackers have your password, they can replace your security
questions with their own and then create a “back door” into your account.)
We all know that it is very difficult to prevent these attacks, and often difficult
to identify a sophisticated phishing message. This fall, we will initiate a campus
conversation about using multifactor authentication for off-campus access to resources
like email.
Please review for information about multifactor authentication.
If you have questions, please contact infosec@csusm.edu. The email address to send new phishing messages is abuse@csusm.edu.