Week 3 - Recognize & Report Phishing

Beware of phishing! From fake job postings for students to suspicious payroll emails for faculty – always double-check & report! By staying vigilant, we keep #CSUN safe and secure. #NationalCyberSecurityMonth #SecureOurWorld

What is Phishing?

Phishing is a cyberattack where criminals impersonate legitimate organizations or individuals to trick you into revealing personal information, such as passwords, credit card numbers, or other sensitive data. Phishing often occurs via email, but it can also happen through text messages, phone calls, and even social media.

Common Signs of a Phishing Attempt

1. Urgent or Threatening Language: Phishing emails often use scare tactics, like threatening to lock your account unless you act immediately.
2. Suspicious Links: Be cautious of links that look unusual or that don’t match the legitimate domain of the organization they claim to be from.
3. Unexpected Attachments: Avoid opening attachments from unknown or unexpected senders, as they could contain malware.
4. Generic Greetings: Phishing emails often begin with "Dear Customer" or "Dear User" instead of addressing you by name.
5. Misspellings and Poor Grammar: Many phishing messages have noticeable spelling or grammatical errors.
6. Requests for Personal Information: Legitimate companies won’t ask for sensitive information like passwords or payment details through email or text.

Examples of Phishing Scams:

• Email Phishing: An email pretending to be from your bank asking you to "confirm your account details."
• Smishing: A phishing attack via SMS text messages.
• Spear Phishing: A targeted attack aimed at a specific individual or organization, often more personalized and convincing.
• Clone Phishing: Attackers create a nearly identical version of a legitimate email or website to trick users.

For more detailed examples of phishing, visit the Information Security Phishing Examples page.

How to Protect Yourself from Phishing:

1. Examine the Sender’s Email Address: Make sure it matches the legitimate domain.
2. Hover Over Links: Without clicking, hover over links to see the actual URL before following them.
3. Verify Suspicious Messages: Contact the organization directly using a trusted method (not the contact details from the suspicious message).
4. Enable Spam Filters: Most email providers have built-in spam filters that catch phishing emails before they reach your inbox.
5. Use Multi-Factor Authentication (MFA): Even if a phishing attack steals your password, MFA adds an extra layer of protection.

How to Report Phishing:

• Forward Suspicious Emails: Many organizations have dedicated phishing report addresses (e.g., phishing@company.com). Any suspicious emails can be forwarded, as an attachment, to CSUN’s dedicated report address abuse@csun.edu. 
• Report to the Authorities: You can report phishing to official organizations like the Federal Trade Commission (FTC) or Anti-Phishing Working Group (APWG).
• Block and Delete: After reporting, block the sender and delete the email or message to avoid accidentally interacting with it later.

What to Do if You Fall for a Phishing Scam:

1. Change Your Passwords Immediately: If you suspect your password was compromised, update it right away.
2. Enable MFA: Add extra protection by turning on multi-factor authentication.
3. Monitor Your Accounts: Keep an eye on your bank and online accounts for any suspicious activity.
4. Report the Incident: Let your IT department, service provider, or the relevant authorities know about the phishing attack.

Week 3 Summary:

Take Action Today!

• Recognize Phishing Attempts: Watch out for urgent language, suspicious links, and unexpected attachments.
• Verify Suspicious Emails: Always check the sender’s email address and hover over links before clicking.
• Report Phishing: Forward suspicious emails to CSUN at abuse@csun.edu and block the sender.
• Use MFA for Extra Security: Enable multi-factor authentication to protect your accounts even if your password is compromised.
• Stay Vigilant: If you fall for a phishing scam, change your passwords immediately and monitor your accounts.

By recognizing and reporting phishing, you help protect yourself and others from cyberattacks.

For more information on how to report phishing, visit the Information Security How to Report Phishing page.

Additional Resources:

• What Is Phishing?
• Secure Our World
• Phishing Examples (IT) | CSU Northridge
• How to Report Phishing | CSU Northriidge

For more information on how to report phishing, visit the Information Security How to Report Phishing page.

By learning to recognize and report phishing attempts, you can safeguard your personal information and help prevent cybercriminals from succeeding.

Return to 2024 Cybersecurity Awareness Month