Identify Phishing
Do either of these email subject lines look familiar?
- Item shared with you “2022 FACULTY EVALUATION.pdf” or
- “PART TIME BITCOIN REMOTE JOB”
These are two recent examples of phishing emails that have successfully resulted in compromised CSULB accounts. With each compromised account, hundreds more of these types of emails are sent to our campus community. CSULB Division of IT systems stop hundreds of thousands of malicious emails from reaching campus email Inboxes, but educated, informed, and vigilant campus employees and students remain the University’s last line of defense to thwart phishing attacks. Evaluate your emails with skepticism and use the following guidance to protect your campus computing and University information.
How to Spot a Fake
Using the two recent examples, please find details illustrating elements exposing them as fakes.
Example #1
- Start by examining email sender information. Very often, the sender is from an external address even if they appear to be someone you may know on-campus. Learn more about email spoofing. In this example, the sender is unknown, so recipients should be leery about this message.
- Check for email system CAUTION messages. In cases of email spoofing, the contact may appear to be from an @csulb.edu or @student.csulb.edu address, it’s actually not. External email messages will receive the CAUTION warnings as illustrated in the email above.
- Question the contents of the email. In this example, the message states the document is from Gloria Quive, who appears to be from Lehigh.edu; however, the message says the message is from Jane Close Conoley. This inconsistency should give the message away as a fake.
- Hover over the link (or long-press on a mobile device) to reveal the URL link. Do not click any suspicious links from unsolicited emails, but by hovering over or long-pressing the link, you can reveal the source of the link. In this case, the supposed PDF was a link to a drive.google.com site, which is not a CSULB standard storage service.
We recommend you check the Phish Bowl to see if it’s a known phishing attempt. If it’s not yet in the Phish Bowl, forward the message to alert@csulb.edu and we’ll validate the message.
Example #2
- Compromised CSULB account. This email was generated by a compromised employee account. In examples of compromised users, the email address is from a legitimate @csulb.edu or @student.csulb.edu account. You won’t be able to block the sender as they are legitimate campus email users.
- Unsolicited/Unexpected. The content of the email is not something you’d expect from a student or employee account. Very often the sender requests the recipient to correspond with a third-party (e.g. Gmail) address, different from the sending address.
- Inconsistent sender. Be cautious any time the signature line does not match the sender address.
Again, you can check the Phish Bowl to see if it’s a known phishing attempt. If it’s not yet in the Phish Bowl, forward the message to alert@csulb.edu and we’ll validate the message.
What to Do If You Fall for Phishing
- Even if you fall for a phishing message and provide the hacker with your password, they still need to get past Multi-Factor Authentication (MFA). It’s important that you never accept any second factor request (MFA push/phone call) if you aren’t actively logging in to a campus service.
- If you ever provide your username and password as a result of a phishing scam, you’ll need to follow these steps:
- Reset your password immediately.
- Check your account to ensure only your phone is listed for MFA options.
- Check your email inbox rules, as hackers very often implement rules to delete all incoming email. Refer to our article on cleaning up accounts after they are compromised.
Microsoft Authenticator App is More Secure
If you’re using SMS or Phone Call for MFA second factor, it’s strongly recommended you use Microsoft Authenticator.
Learn about upcoming Authenticator app enhancements that will provide even more account security.