This describes the current ITS Phishing Alert process for responding to reported phishing attempts targeting @csulb.edu users. Not all reported email will lead to a response from ITS, but every reported suspicious email will be initially examined to determine if any action is necessary.
Phishing Reporting Process
- Users should report suspicious email to email@example.com
- ITS analyzes reported email for relevance and severity. Reports taken most seriously are those with phishing attempts that have traits such as the following:
- Is it OWA-like?
- Is it well written or official looking?
- Is the subject matter likely to lure staff, faculty, or students?
- Is it a broadly distributed email to @csulb.edu users?
- Based on severity level, ITS may take the following actions:
- Having the offending websites (of links contained within the emails) blocked at the campus firewall level so on-campus users cannot access the fraudulent page
- Reporting the offending email and webpage to website host / domain owners whenever possible
- Sending out a broadcast communication to the PhishingNotification@csulb.edu distribution group if necessary
When reports of offending email are sent to firstname.lastname@example.org, the employee receives an automatic message response shown below.
Sample automated message
Thank you for emailing Alert@csulb.edu and reporting suspicious email. The campus email system blocks an average of 15 million spam, phishing, and virus ridden emails each month, and, unfortunately, some deceptive email does get through.
WHAT WE WILL DO NEXT
If you have forwarded a copy of a phishing attempt, we will address the matter in the following ways:
- We will document the phishing attempt by posting it to our Phishing Reports list, and we will notify you when this is posted.
- If the phishing email includes a link to a fraudulent site, we may block the link and site from being accessed by on-campus users. Sometimes the sites are already blocked by the website host; if not, we’ll report it to the proper service providers.
- If it appears to be a serious and widespread phishing attempt, we may send an email to our “Phishing Notification” email list to inform members of the widespread phishing attempt.
WHAT YOU CAN DO TO HELP IMPROVE SECURITY ON CAMPUS
- You can learn more about Phishing (Phishing 101) and share with your colleagues to broaden campus awareness.
- You can block these unwanted emails by labeling them as “junk”. This will put any future emails from the sender into your junk e-mail folder.
- You can agree to opt-in to our “Phishing Notification” email list to receive email notifications when widespread and dangerous phishing attempts become known.
Thank you for helping improve campus security.