Phishing Examples
Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, social security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity or both.
Scammers also use phishing emails to get access to your computer or network then they install programs like ransomware that can lock you out of important files on your computer.
This page provides examples of the phishing emails received by the campus community at large. Each example includes the actual text used to lure the user into a false sense of security and points out why the email is suspicious. Please use these examples to educate yourself on what to look for so that you do not become a victim.
Gift Card Scams
Gift cards have become a popular way for scammers to steal your money. Scammers will send you an email or a tezt message, often impersonating your coworkers or supervisor or other university official, asking you to purchase gift cards for a special event. They willl usually asking you to be discreet. Often the sender will claim to be in a meeting and unable to take calls, preventing you from calling to confirm the request.
The initial email may start out innocuously, asking if you are available, stating that they need a favor, or asking for your phone number so you can receive text messages. Once you respond, the scammer will ask you to purchase gift cards, specifying the quantity and denomination. The message will ask you to scratch off the cards to reveal the codes, take pictures of those codes, and then reply back with those pictures.
If you reply with the cards’ codes, your money is now in the hands of the scammer. Gift cards are treated as cash, and in many cases, cannot be refunded.
How Can I Spot These Scams?
In most cases, the sender information is falsified to make it appear to be coming from a CSUN mail address. Remember: Pay close attention to the sender’s address. If on a mobile device, tap the sender’s name to reveal the actual email address. If the sender’s address ends in @gmail.com, @outlook.com, or anything other than @csun.edu, the request is most likely a scam.
Contact the person who is requesting these gift cards in person or through a known trusted phone number. If you appear to receive a text or call from a CSUN number asking you to purchase gift cards, look up the number in the CSUN directory and call that person. Phone numbers can be spoofed.
Never send gift card codes via email without confirming the request.
What if I Provided My Personal Phone Number?
If you responded to a phishing email and provided your cell phone number, you’ll need to be aware of the increased potential for future phishing messages. Known as smishing (or SMS phishing), the messages can impersonate coworkers, supervisors, financial institutions or other companies.
It can be difficult to spot malicious links in text messages, which is why we recommend not clicking on links or calling numbers provided by text messages. If you receive an unexpected text message claiming to be from your bank or other organization, contact the company via a known good number, such as the phone number printed on the back of your bank card.
By remembering that sender information can be falsified, you can remain vigilant and spot these fake messages. In these situations, Information Security recommends that you block the phone number that sent you the text message.
---Start of Email---
From: <your.email@students.edu>
Date: Sun, Jan 12, 2025, 2024 at 9:25 PM
To: <your.email@students.edu>
Subject: noreply
|Hi!
|-
|-
|I'm going to make you an offer you can't refuse. If reputation means anything to you.
|I am a programmer who likes to dig into other people's dirty laundry and I hack into cell phones, laptops, computers,
|tablets of users like you in order to extract from them "interesting" photos, videos, recordings of conversations or correspondence.
|I infected your device with a virus and have been watching you for over 2 months now.
|During these months, I have accumulated a lot of interesting information about you.
|-
|Not only do I have access to your phone book, correspondence, audio, but I also have information about the sites you visit.
|Can you guess what I'm talking about?
|-
|-
|I collect a selection of photos and videos, audio recordings, correspondence from the devices of users like you with the help of viruses and copy them to my own server.
|I've got some bad news for you. I can leak all of this online for general access, send it to your friends, relatives, acquaintances, send it to social networks and messengers.
|Trust me. This is something that can destroy your reputation once and for all!
|The effect will be fantastic! They will see what you do in all its glory.
|-
|It only takes one click for me to leak the information.
|You have the power to stop it. What do you have to do to stop it? I'll tell you about that next.
|-
|-
|You need to make a $1100 (US dollars) transfer to my bitcoin wallet. If you do not know how such transfers are made, just type in Google query: "Buy Bitcoin".
|My bitcoin wallet (BTC Wallet): <removed>
|-
|Nothing complicated, right?
|After receiving the specified amount, I will immediately delete all the information and leave you alone forever!
|-
|But you need to hurry up. I don't like to wait long!
|I'll give you 48 hours.
|-
|Don't think you can ignore me. After you read this message, I automatically get a notification about it.
|From then on, you have two days to pay!
|-
|Yes. You don't need to try to apply for help to resolve this situation. Bitcoin wallet is untraceable, and the sender address is automatically created.
|But if I happen to know that you share this email with someone else (and I will), I'll do a newsletter right away!
|I hope you make the right choice!
---End of Email---
How do we know it's phishing?
Note: The attacker sent the email above using the user's email account, indicating that the attacker has access to the account, which means it has been compromised. However, this situation is still considered phishing due to the following reasons:
- Generic Sender Information: The email does not address the recipient by name, making it a generic template.
- Threatening Language: The email uses fear tactics and threats to intimidate the recipient into compliance.
- Untraceable Payment Request: The demand for Bitcoin payment is a common hallmark of phishing scams, as Bitcoin transactions are difficult to trace.
- Unverifiable Claims: The sender claims to have access to personal information but does not provide specific evidence.
What to do if you receive a similar email:
- Do Not Respond: Avoid replying to the email or engaging with the sender in any way.
- Verify Your Account Security: Change your email password immediately and enable multi-factor authentication (MFA) for added security.
- Report the Email: Forward the email to abuse@csun.edu and reach out to Information Security at (818) 677-6100.
- Do Not Click Links or Pay: Avoid clicking on any links in the email and do not send money or Bitcoin.
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @students.edu>
Date: Tue, Oct 1, 2024 at 1:57 PM
Subject: [CSUN:IT Information Security Advisory] Security Update: MFA Authentication!
Please note, the QR code at the bottom of this email has been removed.
---End of Email---
How do we know it's phishing?
1. The sender's email address is NOT an official CSUN email address.
2. The attached QR code (removed in this example) leads to a visibly fake CSUN portal designed to steal your credentials.
3. “California State University,Northridge” contains no spacing between “University,” and “Northridge”.
4. The email body contains no text, it only contains an image of text.
5. The email does not contain an official CSUN email signature.
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Date: Wed, Aug 28, 2024 at 5:43 PM
Subject: California State University Intern Application
Your paperwork is being processed at the moment and will be available soon.
Kindly provide the following information for further processing:
- Name of your financial institution.
- Your name just as it appears on your financial institution.
- Phone Number
- School Email Address
-Alternative Email Address
-Mailing Address
If your Direct Deposit Information is not on the school payroll system, please provide a valid account and routing number where your weekly payments can be made.
Thanks!
---End of Email---
How we know it's phishing?
- The email does not contain an official CSUN email signature.
- This email asks for personal and financial information. Legitimate institutions rarely, if ever, request such sensitive information via email.
- The message uses vague language like "your paperwork is being processed" without specifying what paperwork or providing any details about the internship. Phishing emails often avoid specifics to cast a wide net.
- The content and formatting of the email lack the professionalism expected from a legitimate university or organization.
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Date: Thu, Jul 4, 2024 at 10:46 AM
Subject: Courses are at risk of cancellation
You are receiving this message because you have registered and enrolled for FALL 2024 classes, however, your registration is on Hold. Your classes are scheduled to be dropped on JUlY 10th, at 5pm.
CLICK HERE TO VIEW YOUR DROPPED COURSES NOW AND APPEAL
---End of Email---
How we know it's phishing?
- The email does not contain an official CSUN email signature.
- This email expresses urgency and pressure to the recipient to take action quickly by stating their classes are scheduled to be dropped on July 10th. Phishing attempts often use this tactic to prevent the recipient from taking time to verify the legitimacy of the request.
- The instruction to "CLICK HERE TO VIEW YOUR DROPPED COURSES NOW AND APPEAL" is a common tactic in phishing scams. The link likely leads to a malicious website designed to steal your login credentials or personal information.
- The use of all caps in "JUlY 10th" and the unprofessional wording may indicate that the email was quickly put together or not written by someone fluent in English. Legitimate organizations are usually well-formatted and proofread.
---Start of Email---
From: CALIFORNIA STATE UNIVERSITY NORTHRIDGE <csun.eduu@icloud.com>
Date: Sat, Jun 29, 2024 at 10:33 PM
Subject: The internship application for California State University Northridge
Dear Student,
We are pleased to inform you of an exciting opportunity available to you. The prestigious Bill & Melinda Gates Foundation is offering an exceptional student internship program, and you are invited to apply for the position of Data Entry Clerk. This remote internship provides a weekly compensation of $400.00 and promises to equip you with invaluable hands-on experience in technical skills, problem-solving, teamwork, and professionalism, thereby enhancing your educational journey at California State University Northridge. Designed to accommodate your schedule, this internship allows for flexible working hours. As a remote position, you can conveniently complete your tasks from the comfort of your home or campus, at your convenience. We encourage students from all departments of our institution to apply, fostering a diverse pool of talents.
The primary objective of this internship is to develop your skills while also offering financial assistance to those facing challenges with expenses, both on and off campus.
To express your interest and adhere to the Bill & Melinda Gates Foundation's guidelines and the university's policies, kindly submit your response via email to Professor David Ackerman at prof.david.ackerman@outlook.com . Please include your name, email, year of study, and department. Please note that available positions are limited, and acceptance will be granted on a first-come, first-served basis. We encourage you to act promptly to secure your place in this esteemed internship program.
Thank you for your enthusiastic interest, and we anticipate your response.
Office of the Registrar
California State University Northridge
Bill & Melinda Gates Foundation
California State University Northridge
Bill & Melinda Gates Foundation © 2024
California State University Northridge
© 2024
All Rights Reserved
---End of Email---
How we know it's phishing?
- The sender's email address, < >, is not a legitimate California State University Northridge (CSUN) domain. Official CSUN communications should come from a university domain, such as @csun.edu.
- The email asks recipients to submit personal information (name, email, year of study, department) via email. Legitimate internship applications are usually handled through official channels or secure online portals, not through an informal email request.
- The email mixes information about the Bill & Melinda Gates Foundation with CSUN in a way that feels unprofessional and unclear. Additionally, the message uses the name of a well-known professor but provides an @outlook.com email address, which is also not associated with the CSUN.
- The email combines several elements that don't fit together, such as referring to both the university and the Bill & Melinda Gates Foundation but lacking any official branding or signature. This inconsistency is a red flag.
From: < >
Sent: Sunday, Apr. 2024 at 2:52:52 PM
Subject: Undercover Store Shopper
Dear Students/Staff CSUN
An evaluator is someone whose job is to judge the quality, importance, amount, or value of something. We URGENTLY need to hire the service of 10 students and staff randomly to evaluate a few local stores.
Position: Discreet Shopper & Errand Carried out.
Type: Part-Time Job
Work Flexibility: 2days a week/ 2-3hrs to complete a task
Weekends: (Sunday OFF)
Working Hour: 4-6 hours a week
Weekly Payment: $550
Get paid for doing something you enjoy. Become a digital store shopper to make extra cash on the side. Well suited job for students/staff. Be an independent contractor and work on your own schedule. Bridge gaps in your finances and help the world be a better place by giving valuable data feedback to some of the biggest brands in the States. Send { I'm Interested } to {example1@gmail.com } using your personal email address such as gmail,hotmail,icloud,yahoo and not your school email so that you can effectively receive responses from us.
California State University Northridge Students Job Placement
Discreet Shopper Opportunity
$21-$23 per hr + Benefit
Student Employment Appreciation
---End of Email---
How we know it's phishing?
- Expresses urgency to an email that users did not expect.
- CSUN has no jobs positions that consist of a "Undercover Store Shopper". The description of the position as also suspiciously vague.
- The email claims to randomly select students and staff for the job. Legitimate job offers typically require applicants to go through a proper application and selection process.
- The email promises a high weekly payment ($550) for what seems like minimal work (4-6 hours a week). This is a tactic to lure people in with the promise of easy money.
- Email asks recipients to reply using their personal email addresses (e.g., gmail, hotmail, icloud, yahoo) instead of their school email. Legitimate organizations usually communicate through official channels.
When reporting a phishing or spam email to abuse@csun.edu, Information Technology will ask you to send the email as an attachment. Sending the email as an attachment allows Information Technology the ability to see full email headers, providing all the information needed to investigate the email. If you need instructions on how to send the email as an attachment, visit the How to Forward an Email as an Attachment page.
Phishing Examples
---Start of Message---
---End of Message---
How we know it's phishing?
- Help Center does not sent text messages to students.
- Help Center will never ask for a passcode.
- This message contains many errors such as spacing between words.
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Sent: Wednesday, March, 2024 5:01:30 AM
Subject: IMPORTANT CSUN MEMO FROM HR: ASSESSMENT REPORTS FOR FACULTY AND STAFF 2024
Hope this email finds you well.
I am pleased to inform you that the HR Department has recently finalized the Assessment Report for all staff members. It is imperative that you treat this matter with urgency.
Attached below, you will find the relevant file that contains your assessment report. Please open it to access the information.
CLICK HERE TO VIEW REPORTS
Thank you for your prompt attention to this matter.
--
Mars Cook
Undergraduate Student, Creative Writing
Peer Writing Specialist - Learning Resource Center
California State University, Northridge
---End of Email---
How we know it's phishing?
- Expresses urgency to an email that users did not expect.
- Sent at a time outside of common office hours; sent at 5:01AM
- Emails will not ask to "click here" or "click to unsubscribe".
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Sent: Monday, November 6, 2023 5:23:30 PM
Subject: Email confirmation
Click here to manage your membership or unsubscribe.
---End of Email---
*Note: The original QR code has been replaced for reference purposes only.
How we know it's phishing?
- The email does not include text, it is in an image.
- This email contains grammatical errors.
- The email asks to scan an unofficial QR code.
- Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
- Emails will not ask to "click here" or "click to unsubscribe".
---Start of Email---
From: Gxxxx , Lxxxx <xxx.xxx @csun.edu>
Sent: Sunday, January 29, 2023 7:10:29 PM
Subject: ADMINISTRATIVE ASSISTANT REMOTE JOB
Some departments are currently hiring individuals who can assist some of their visiting professors by providing basic admin duties remotely.
The successful candidate will Liaise with staff, other departments, and/or external organization concerning matters regarding assigned work as well as coordinating with the Director.
Weekly Salary:
$400 ( $350 +$50 for miscellaneous including tax)
For more Information. Contact (frank.garza### @gmail.com) with your alternative “email address” as well as your school schedule.
---End of Email---
How we know it's phishing?
- The email does not contain an official CSUN email signature.
- This email contains grammatical errors.
- The email asks to send for more information to an non-CSUN email with an alternative email address.