Phishing refers to online fraud, in which you are tricked into revealing personal information for the purpose of identity theft (email account details, banking information, etc.). These impostors operate by impersonating businesses. The number one rule with phishing is to NEVER reply to email, text, or pop-up messages that ask for your personal or financial information. CSULB and other legitimate businesses do not ask you to send such sensitive information through these unsecure methods.
Spear phishing is an email-spoofing attempt that targets a specific organization or individual. It often seeks unauthorized access to sensitive information. They are known to be attempts by perpetrators that are out for financial gain, trade secrets, military information, or intellectual property. Often times, the sender masquerades (spoofs) as someone that is known by the email recipient.
The university's email system currently intercepts thousands of malicious email per year (spamming and phishing). Unfortunately no email system provides 100% protection, so some of the university's email system defenses rely on you – the email user.
As an extra measure, as soon as ITS is alerted of any new phishing attempts targeting campus employees, links that are included in the phishing emails are blocked so that if any on-campus users attempt to click on the link, it will not work. The block, however, does not work if the phishing link is accessed when you're off campus.
If a message asks you to email your password or account details it is almost definitely a phishing email or from a website that is likely to be a fraud. CSULB will never ask you to email your password or account details. Other clues:
View some Examples of Phishing Messages.
Click on image below to open:
Figure 1: Don't Get Hooked poster
If you responded to a phishing attempt while using university email:
Forward phishing emails to email@example.com. Depending on the nature of the phishing email, you may also want to forward the email to the company, bank, or organization impersonated in the email. You also may report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group, a group of Internet Service Providers, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
Many Phishing attempts utilize Google Docs as a webform for users to enter their personal information. To report abuse of Google Docs to Google, follow their procedure: https://support.google.com/drive/contact/drive_abuse.