
Protect Yourself from Phishing

What does "Phishing" mean?

The term "phishing" describes a style of scam conducted over email in which someone poses as a trusted official, administrator, or business and attempts to gather sensitive information. The concept of phishing has existed for a long time, though the styles of phishing attempts continue to evolve.

The most common result of a successful phishing attempt is identity theft. The victim is no longer in control of their email account, and the phisher is able to access the content of the victim's email account and contact list, and possibly other connected applications like the victim's calendar or cloud drive. In addition, if the victim used the same password with other applications and services, the phisher has potentially gained access to those as well.

A few examples of phishing attempts:

  • Notification that your password is (falsely) expiring and needs to be changed
  • Urgent demand to click a link or your account will be locked/deleted within a short time
  • Requests to purchase gift cards on behalf of someone else
  • Requests for changes to Direct Deposit information
  • Announcement of a new computer update, with a link to click to download it
  • Statements that you have won a vacation or some other unexpected prize

What other steps can you take to protect yourself?

  • Delete unsolicited messages that ask you to log into your bank account
  • Look for odd spelling in messages, or strange links or addresses ("bob.csueastbay.edu@gmail.com")
  • Take note of messages that are addressed to generic titles, such as "Valued Customer"
  • Follow up with a phone call to any institution that sent you a questionable email
  • Keep your computer patched and updated, and run antivirus and antispam software
  • Instead of clicking links within an email, type them directly into your browser location bar
  • If it seems too good to be true, it very likely is.  Be skeptical!
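
Several of the warning signs above can be checked automatically by a mail administrator. The following is an added example, not part of the original page or any CSU East Bay tooling: it flags a sender address such as "bob.csueastbay.edu@gmail.com", the "Valued Customer" greeting, and some of the lures listed earlier. The function names, indicator names, and phrase patterns are assumptions chosen for illustration, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "csueastbay.edu"          # domain from the page's example
GENERIC_GREETINGS = ("valued customer",)   # generic title named on the page
# Constructed phrase patterns for lures listed on the page (assumptions).
LURE_PATTERNS = {
    "password-expiry": re.compile(r"password\b.{0,40}\bexpir", re.I | re.S),
    "account-threat": re.compile(r"account\b.{0,60}\b(locked|deleted)", re.I | re.S),
    "gift-card": re.compile(r"gift\s*cards?", re.I),
    "direct-deposit": re.compile(r"direct\s+deposit", re.I),
}

def sender_impersonates(from_header, trusted=TRUSTED_DOMAIN):
    """True when the trusted domain shows up in the display name or local
    part, but the domain that actually sent the mail is something else."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not domain or domain == trusted or domain.endswith("." + trusted):
        return False
    return trusted in local or trusted in display.lower()

def phishing_indicators(raw_message):
    """Return a sorted list of indicator names found in one plain-text message."""
    msg = message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload()  # multipart not handled
    found = set()
    if sender_impersonates(msg.get("From", "")):
        found.add("lookalike-sender")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        found.add("generic-greeting")
    for name, pattern in LURE_PATTERNS.items():
        if pattern.search(body):
            found.add(name)
    return sorted(found)

# Constructed sample message, not real mail.
SAMPLE = """From: IT Help <bob.csueastbay.edu@gmail.com>
To: student@example.org
Subject: Action required

Dear Valued Customer,
Your password is expiring today. Click the link or your account
will be locked within 24 hours.
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A match is a reason to look more closely at a message, not proof that it is phishing; legitimate notices can trip the same patterns.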

What should you do if you have been phished?

If you accidentally send your account credentials via email, immediately change your password by following the steps listed at http://www.csueastbay.edu/netid/self-service.html. Contact the ITS Service Desk at https://csueastbay.service-now.com/sp to submit a ticket or to speak with a technician. If you receive an email that you believe could be a phishing message, forward it to the Information Security Office at iso@csueastbay.edu.

Please remember:

No one from CSU East Bay will ask you for your password.  Never give your password to anyone.

© California State University, East Bay. All Rights Reserved.