CIO'S MESSAGE - October 12, 2021

Cybersecurity Awareness Month – Don’t Get Hooked

 


Dear Students and Colleagues,

Phishing is one of the primary methods cybercriminals use to obtain your login credentials and personal information to commit fraudulent activities. Below are common tips for detecting phishing emails.

  1. Don’t always trust the display name.  Just because an email says it is coming from a person you know or trust does not mean that it is. Double check the email address and ensure that it is a valid address from a known person.
  2. Be skeptical of urgent, enticing, and alarming content with potential consequences.  Emails that create urgency, fear, or threats are usually fake. The purpose of these types of emails is to intimidate you into responding and acting quickly without thinking.
  3. Don’t respond to unsolicited requests for personal information.  Any emails asking to enter or verify personal details or bank/credit card information should be treated with extreme caution.
  4. Don’t immediately follow an unknown link to a website.  Emails that provide no content other than a simple button pushing you to an unfamiliar website should raise a red flag.
  5. Don’t be fooled by short links.  Short links are dangerous and don’t reveal the actual website, making it easy to hide suspicious URLs.
  6. Beware of emails regarding money.  Large financial rewards are often too good to be true.  Similarly, do not fall for emails requesting money or payment or to purchase “gift cards.”
  7. Consider the non-specific greeting / salutation.  Look out for greetings that are generic and vague such as, “To whom it may concern,” “Hello there,” or “Valued customer.”
  8. Closely review the email signature.  Check to make sure it is signed by the same person as the Sender or “FROM” address.
  9. Pay attention to poor grammar and punctuation.  Legitimate business emails are usually professionally written and contain few or no grammar mistakes.
  10. When in doubt, research and contact the company or source directly.  It is best to always verify and confirm the legitimacy of the email communication before taking any action.

If you have any questions or concerns about information security, please contact ISO@csulb.edu. As always, you can report suspicious emails by forwarding them to alert@csulb.edu.

Cuc Du

Information Security Officer