document iconmyCSUSM
cougar courses logoCOUGAR COURSES
email iconEMAIL
email iconMS OFFICE APPS
password iconPASSWORD
MANAGEMENT
Your  Account:
document iconmyCSUSM
cougar courses logoCOUGAR COURSES
email iconEMAIL
office iconMS OFFICE APPS
password iconPASSWORD
MANAGEMENT
Instructional and Information Technology Services (IITS)

Phishing Examples

What is Phishing? 

Please visit our page on phishing to learn not only what it is but get some tips on how to detect it.

Examples of Phishing Emails

Below are examples of recent phishing messages that have been sent to our campus. 

Internship Phishing

This example is a very basic email from a random Gmail address, it has no body, the subject reads "INTERNSHIP" and it has an attachment.

Internship Email

If you were to open the attachment you would see a couple more things that seem odd. They say the job is for the U.S. Department of Health and Human Services but it was not sent from a .gov email. The offer is for a remote position, 4 days a week, with above average pay for an intern; so sometimes when things sound too good to be true they are.

Internship Attachment

Opportunity Phishing

Unfortunetely sometimes phishing is even designed to look like it is an internal oppurtunity being sent from our own university. In this example pay is still what we would consider too good to be true. The link provided directs users to fill out their information in a Google form, this is not how this information will be collected in a legitimate request

Opportunity Email

Office365 Phishing

One way you can tell that this is a phishing message is by hovering over the “Office-365-login” link on PC, or long-pressing the link on mobile, and inspecting URL of the landing page. As seen in the screenshot above, the URL leads to a Wordpress.com webpage.

Another indicator that this message was likely phishing is that it was sent from a student account. Official communications from Instructional & Information Technology Services will always come from staff.

Phishing example
Email coming from a student CSUSM account

Hover URL going to wordpress
Hover URL goes to "youoffice365.wordpress"

Job Opportunity Phishing Email

One way you can spot this as a phishing message is by hovering over the APPLY HERE NOW link on PC, or long-pressing the link on mobile.

The second indicator that this is a phishing message is the improper grammar in the first sentence:

“All Email recipients of  California State University San Marcos  School District  Student and Staff are encouraged to be a part of this amazing offer.”

CSUSM is not a School District and there are extra spaces in between several words.

Phishing email 2 with typos

hover url
Hover URL goes to a short URL instead of an official campus URL

Additional Examples

Objective

Exercise caution when encountering unfamiliar URLs or those not belonging to a CSUSM webpage. For added security, consider seeking a second opinion from helpdesk@csusm.edu before accessing potentially malicious content.