CIO'S MESSAGE - October 15, 2019

National Cyber Security Awareness: Think Before You Click - How to Avoid Phishing and Spear Phishing Scams

Dear Colleagues,

Cybercriminals use phishing and spear phishing – a type of social engineering – to manipulate people into doing what they want. Social engineering is at the heart of all phishing attacks, especially those conducted via email. Spear phishing is a type of phishing which targets specific individuals or entire departments (e.g. Payroll, Accounting).

Here are a few things you can do to guard against phishing attacks:

• Never share your BeachID credentials via email.
• Beware of email attachments, including those from "@csulb.edu."
• Don’t click links in suspicious messages, such as "Click Here."
• Confirm identities. If unsure, call the sender at a number you know to be legitimate. Check with others if needed.
• Never email any confidential information without first confirming the request via phone call with your colleague and your supervisor.
• Take your time and don’t fall for messages asking you to act immediately.
• Think twice about sharing personal information online.
• Trust your instincts. If you get a suspicious message, forward it to alert@csulb.edu and Division of IT will take appropriate action if necessary.

You may visit the campus Phishing Reports page to confirm current known phishing attempts.

(This article has been adapted from an Educause Review blog, "Don't Let a Phishing Scam Reel You In". EDUCAUSE, licensed under the "Creative Commons BY-NC-SA 4.0 International license").

Aysu Spruill
Information Security Officer

Min Yao, Ph.D.
Vice President and Chief Information Officer