Security Blog

Security Alert!

CSUN Email Security Update (March 13, 2026) – Student FAQ

CSUN has implemented additional email security protections to help reduce phishing scams, malicious links, and fraudulent messages targeting students. These protections run automatically in the background to help keep your CSUN account and personal information safe.

What is changing with CSUN email security?

CSUN has implemented new email security protections using Proofpoint, an industry-standard email security system used by many universities and organizations. The system helps detect and block phishing messages that attempt to steal CSUN credentials, scam emails such as fake job offers, malicious links or attachments, and messages sent from suspicious sources. These protections operate automatically and students do not need to install anything or change their settings.

Why am I seeing longer links in emails?

You may notice that some links in emails appear longer and may include text such as “urldefense.proofpoint.com.” This is part of Proofpoint’s link protection system. When you click a link in an email, the system first checks the link for safety. If the destination is safe, you are automatically redirected to the intended website.

Will the link still take me to the correct website?

Yes. Although the link may appear different, it will redirect you to the correct website after it has been checked for safety.

What does the “External Sender” warning mean?

Some messages may include a banner indicating that the email came from an external sender. This means the message originated from outside the CSUN email system. Many legitimate messages come from external senders, but scammers often impersonate universities and other trusted organizations. The banner is intended to remind recipients to review messages carefully before clicking links or sharing information.

Why is CSUN implementing these protections?

Students are frequently targeted by email scams that attempt to steal login credentials or financial information. Common scams include fake campus job offers, emails asking students to verify their accounts, messages impersonating professors or administrators, and links that lead to websites designed to collect CSUN usernames and passwords. These protections help reduce the number of malicious emails that reach student inboxes.

What is phishing?

Phishing is a type of scam in which an attacker sends a message that appears legitimate in order to trick someone into revealing sensitive information or performing an action. These messages may attempt to persuade recipients to enter their username and password, click malicious links, download malware, or provide personal or financial information. Phishing messages often appear to come from trusted organizations such as universities, banks, or employers.

What should I do if I receive a suspicious email?

If a message appears suspicious, do not click any links or open attachments. You should report the message to abuse@csun.edu so the security team can investigate it and help protect other members of the CSUN community.

What are common student scams?

Students are often targeted with scams that promise easy income or request login credentials. Examples include fake job offers that claim students can earn money working from home, messages asking students to verify their accounts or reset their passwords through a provided link, and messages requesting gift cards or financial transfers. Any email asking for your password, Duo approval, or financial information should be treated with caution.

What should I do if I clicked a suspicious link?

If you clicked a link and entered your CSUN username and password on a website and are not sure the site was legitimate, you should change your password immediately. You can do this by visiting the IT Help Center webpage and selecting Change Your Password. You should also avoid approving any Duo prompts that you did not initiate and report the incident to abuse@csun.edu.

Will legitimate emails ever be blocked?

Occasionally, a legitimate email may be filtered or flagged by the security system. If you are expecting an email and do not receive it, you may contact the IT Help Center for assistance.

Does this system read my emails?

The email security system automatically analyzes messages for security threats such as spam, phishing attempts, and malicious links. It does not read emails.

Do I need to install anything?

No action is required from students. All protections are applied automatically to your CSUN email account.

How can I stay safe from email scams?

You can reduce your risk by being cautious when reviewing unexpected emails. Avoid sharing your password with anyone, be skeptical of unexpected job offers or requests for money, review the sender carefully, and report suspicious messages to the CSUN security team.

Where can I get help?

Contact the IT Help Center. Suspicious emails can be reported to abuse@csun.edu.

Southern California Wildfire-Themed Scams

DATE(S) ISSUES:
1/20/25

SUBJECT:

Cybercriminals exploiting Southern California wildfires for phishing and scams

OVERVIEW:

Cybercriminals are leveraging the ongoing Southern California wildfires to conduct phishing attacks and scams. These scams appear in emails, text messages, QR codes, phone calls, voicemails, and fraudulent crowdfunding or fundraising campaigns on social media. Threat actors quickly incorporate fire-related themes into their phishing lures, impersonating property inspectors, building contractors, and government agencies offering aid. Some even claim to help replace identification documents, aiming to steal money and personal information.

USERS AFFECTED:

  • Fire victims
  • Homeowners
  • Donors
  • Organizations

RISK:

  • Identity theft
  • Financial loss
  • Fraudulent aid scams
  • Charity donation scams

PREVENTION TIPS:

  • Verify Requests – Independently confirm any financial or personal information requests by contacting official agencies directly.
  • Enable Security Measures – Use multi-factor authentication (MFA) and email filtering to detect phishing attempts.
  • Report Suspicious Activity – If you suspect fraud, report it to the Federal Trade Commission (FTC) or local authorities.
  • Stay Informed – Monitor official emergency websites and trusted news sources for legitimate aid and updates.


REFERENCES:

fema.gov:

Wildfire Survivors: Beware of Stolen Identity Fraud and Other Disaster Recovery Scams and Deceptions

 

Network-Connected Wrench Vulnerability

DATE(S) ISSUED:

1/11/24

SUBJECT: 

Vulnerability in a network-connected wrench having potential safety issues

OVERVIEW:

Security researchers from Nozomi have discovered 23 vulnerabilities in the Bosch Rexroth Handheld Nutrunner NXA015S-36V-B, a cordless wrench used in factories worldwide for precise torque applications. The device connects wirelessly to local networks, allowing engineers to tighten bolts accurately. Exploiting these vulnerabilities could enable hackers to install malware, potentially leading to the sabotage or disabling of the wrenches, causing safety and reliability issues. Bosch Rexroth has acknowledged the vulnerabilities and is working on a patch scheduled for release at the end of January 2024.

USERS AFFECTED:

  • Consumers
  • Factories
  • Organizations

RISK:

  • Safety Risks
  • Sabotage of Manufacturing Processes
  • Malware Installation
  • Operational Disruption
  • Data Security Concerns

REFERENCES:

 

arstechnica.com:

Hackers can infect network-connected wrenches to install ransomware

Critical  iOS fixes - Patch your Apple Devices Now (12/2/23)

DATE(S) ISSUED:

11/30/23

SUBJECT: 

iPhone Security Flaws

OVERVIEW:

Apple has released iOS 17.1.2, along with a warning to update now. iOS 17.1.2 fixes two iPhone security flaws—both of which are already being used in real-life attacks. There is also an update to MacOS and Safari for older Macs. Here is the link to the Apple Security Page.

USERS AFFECTED:

  • Any person who owns an Apple device(s)

RISK:

  • Any user clicking on the "malvertisements" or ads containing malware are subject to the installation of malware on their device

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Update Apple devices as soon as possible including iPhones, MacOS, and Safari for older Macs.

REFERENCES:

support.apple.com:

Apple security releases - Apple Support

Malicious Google Ads Installing Malware

DATE(S) ISSUED:

11/20/23

SUBJECT: 

Malicious Google Ads Trick WinSCP Users into Installing Malware

OVERVIEW:

Beware of a sophisticated cyber threat known as SEO#LURKER! Cybersecurity experts have uncovered a malicious scheme targeting users searching for WinSCP. Attackers manipulate search results and Google ads to lure unsuspecting individuals into downloading malware instead of legitimate software. These deceptive ads redirect to compromised websites, leading to a fake WinSCP site where a seemingly genuine installer hides malicious Python scripts. Victims, particularly in the U.S., are targeted through geoblocking. This tactic isn't new; similar attacks have targeted PyCharm users. 

USERS AFFECTED:

  • Users exposed to and clicking on lookalike WinSCP website, winccp[.]net.

RISK:

  • Any user clicking on the "malvertisements" or ads containing malware are subject to the installation of malware on their device

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Before clicking on an ad, confirm that it is legitimate
  • If you are unsure an ad is legitimate, search for the ads official website and continue from there
  • Report ad to google if it is suspicious

REFERENCES:

thehackernews.com:

https://thehackernews.com/2023/11/beware-malicious-google-ads-trick.html?m=1