CIO'S MESSAGE - October 21, 2022

Cybersecurity Awareness Month – Spot the Phish

Dear Students and Colleagues,

With cybercrime an ever-increasing threat, please take some time to build your phishing scam awareness.  Did you know research shows that the research/education sector is the most targeted by cyberattacks? Yup. So recognizing and reporting phishing emails is a shared responsibility at CSULB.

Spot It
Learn from some of the most common and successful phishing emails that have recently targeted CSULB employees and students:

Password/Email Verification - These types of emails ask you to verify, confirm, update, keep your account credentials and provide a link to a fake webpage, often imitating a Microsoft or Google page. These emails are attempting to collect your username and password, giving a hacker instant access to your account for further use and malicious intent.

Documents Shared with You - Hackers will try to impersonate people at CSULB, such as someone in the HR department, the Technology Help Desk, or even a colleague, or another CSULB student.  These types of phishing emails might ask you to click on a link to access a document with enticing but fake subject matter.  These emails are usually attempting to steal your username and password.

Quick Tasks - These scams often appear to come from a management-level colleague but from a non-CSULB email account, like Gmail, and asking if you’re available for a quick favor. These often develop into attempts to get you to make purchases of gift cards.

Job Opportunities - These emails quite often come from compromised CSULB accounts and lure recipients with unsolicited job opportunities that often sound too good to be true.  They provide basic job information and easy qualifications and direct you to email someone at a non-CSULB email address for more details.  These scams have been known to lure you into providing personal and sometimes financial information.

Want to Learn from Real Examples?
See recent, real phishing examples with tips for avoiding these scams by visiting our article Don’t Get Phished – Identify Malicious Emails and How to Protect Yourself.

You can always view the ongoing list of phishing emails that have been reported to DoIT on our Phish Bowl site.

Report It
If you think you may have encountered a phishing email, you can forward it to alert@csulb.edu. We can help you determine if it’s a phishing email. Whatever you do, do not click on any links, reply to the email, or send it to anyone else!

Want More Protection?
Learn about some upcoming multi-factor authentication enhancements.

More Fun and Learning Opportunities
Want to test your phishing knowledge? Check out Google’s Phishing Quiz.

The CSU is hosting several webinars and a CSULB student poster contest to mark the month. Visit Cybersecurity Awareness Month for more information.

Cuc Du

Information Security Officer