These are real examples of phishing emails that have been received by CSULB employees. To see a current list of reported phishing attempts on campus, see the Known Phishing Reports page.
There are three clues in the following example that hint at this email not being valid:
- The sender's address is displayed and it is not from an @csulb address.
- This is from a peculiar non-university location. CSULB would not likely send you to a form site.
- A typical tactic by phishing attempt emails is to give you sense of urgency.
Figure 1: Shows three clues of phishing.
Another three clues showing a questionable email source, in this example:
- The sender's address is displayed, and it is not from an @csulb.edu address.
- The paragraph is written with many grammar mistakes.
- When you hover your mouse over the "Click Here" link you can see the pop-up box which will reveal this link takes you to a non-CSULB website.
Figure 2: Another three clues of phishing.
This example gives as many as six clues as to it's illegitimate intentions:
- The sender's address displays as if it's coming from CSULB. If you hover over any of the csulb.edu links, it does display a real CSULB site address. They are trying to establish legitimacy.
- The sender is requesting the recipient to reply to a peculiar, non-csulb address.
- The message is written with poor grammar and punctuation.
- CSULB IT support organizations would not request you to send this type of personal information by email nor to a non-csulb address.
- A typical tactic by phishing attempt emails is to give you a sense of necessity to comply.
- There is no such department or service name on campus.
Figure 3: Six clues of phishing.