Beware of Phishing Scams at CSULB

Did you know research shows that the research/education sector is the most targeted by cyberattacks? Yup. So recognizing and reporting phishing emails is a shared responsibility at CSULB.

Elbee shark holding a mobile device. image says "don't get hooked. stay cyber secure like Elbee."

Spot It

Learn from some of the most common and successful phishing emails that have recently targeted CSULB employees and students:

  • Job Opportunities - These emails quite often come from compromised CSULB accounts and lure recipients with unsolicited job opportunities that often sound too good to be true.  They provide basic job information and easy qualifications and direct you to email someone at a non-CSULB email address for more details.  These scams have been known to lure you into providing personal and sometimes financial information and leading to loss of money. 
    Example of a real phishing email that advertises a fake job description. The job title is described as a personal assistant with job responsibilities listed. There is a Google Docs URL link to apply.
  • Password/Email Verification - These types of emails ask you to verify, confirm, update, keep your account credentials and provide a link to a fake webpage, often imitating a Microsoft or Google page. These emails are attempting to collect your username and password, giving a hacker instant access to your account for further use and malicious intent. 
    Example of a real phishing email claiming that there has been a request to terminate user's Office 365 accounts if they are not verified through the short URL link. The phishing post claims to be from the IT Department on campus.
  • Documents Shared with You - Hackers will try to impersonate people at CSULB, such as someone in the HR department, the Technology Help Desk, or even a colleague, or another CSULB student.  These types of phishing emails might ask you to click on a link to access a document with enticing but fake subject matter.  These emails are usually attempting to steal your username and password. 
    Example of a real phishing email claiming to be President Conoley attaching a Word file that needs to be signed and reviewed.
  • Quick Tasks - These scams often appear to come from a management-level colleague but from a non-CSULB email account, like Gmail, and asking if you’re available for a quick favor. These often develop into attempts to get you to make purchases of gift cards.
Example of a real phishing email asking for a discrete request to be made by responding to the email. This is claiming to be a request from University faculty.

Want to Learn from More Real Examples?

Report It

  • If you use the Outlook online app for your CSULB email, you can report phishing emails to Microsoft to improve our email filtering.
  • If you think you may have encountered a phishing email, you can forward it to alert@csulb.edu. We can help you determine if it’s a phishing email. Whatever you do, do not click on any links, reply to the email, or send it to anyone else!

Get the Best Protection for Your CSULB Account

Know about our Multi-Factor Authentication (MFA) Top Tips

As a student or employee, you're required to use MFA at CSULB. Ensure you're making the best of it with our tips for the best security.

multi-factor authentication top tips with details listed within the following paragraph
  1. Use Microsoft Authenticator app for its every day convenience and additional security features. If you're using SMS text or phone calls for MFA, you are more vulnerable to scams.
  2. Only accept second-factor requests with you initiate them.
  3. Setup multiple multi-factor methods to ensure you maintain a backup and can always access campus services. Learn how to manage and change your default MFA login methods.
  4. Use "passwordless login" for logging into your campus account.

More Fun and Learning Opportunities

Want to test your phishing knowledge?

Check out Google’s Phishing Quiz.

How to Avoid Job Scams + Spot Fake Job Offer Letter

CSULB is not affiliated with the creator of this video.