Spam and Phishing Scams
Phishing scams are attempts by hackers and cybercriminals to steal personal information or hijack computing resources for nefarious purposes. The most common (and most successful) phishing scams are emails that appear to come from a legitimate source (for instance, CSU, Chico Technology Help Desk, your bank, eBay, or PayPal) and contain a link that directs you to equally legitimate-looking web pages. These emails almost always ask you to verify some detail about your account by going to this legitimate-looking web page and entering your account credentials or other personally identifiable information.
If you provide personal information on these sites, you risk losses through fraudulent use of your credit cards or bank accounts, or even full-blown identity theft. If you give out your CSU, Chico User Name and Password, you're giving out easy access to other people’s private information.
The reality is that no bank or other financial institution, or ITSS, is going to send this kind of request by email, because they know that it's an insecure way to transfer confidential information. These emails and websites are simply fronts for stealing your identity or using your computer's processing power to send spam. If no one ever believed them, they would stop sending them. But because there's always someone who acts on these requests, they keep coming.
Here are just a few examples of phishing attempts: https://wiki.csuchico.edu/confluence/display/help/Phishing+Scam+Attempts
What to Look For
IF IT LOOKS SUSPICIOUS, DELETE THE MESSAGE
To avoid becoming a victim of a phishing scam, just stop and think any time you find yourself tempted to click on a link in an email.
Do NOT respond to fraudulent emails, which often do one or more of the following:
- Ask for sensitive information (e.g., click here to verify your username and password)
- Contain spelling or grammatical errors, or strange wording (e.g., thank you, from trusted administrator)
- Threaten you (e.g., do this or else your account will be deleted)
- Contain suspicious web addresses/URLs (e.g., visit the CSU, Chico page by visiting: http://www.csuchico32.com/account)
- Originate from unknown or untrusted senders (e.g., from: firstname.lastname@example.org)
- Contain unexpected/inaccurate content (e.g., you've exceeded your email quota)
- Are generically addressed (e.g., dear CSU, Chico customer)
- Ask you to download something (e.g., click here to get the necessary virus update file)
- Express urgency (e.g., you must click here immediately to avoid having your account terminated)
Check the web address in the address bar. If the website you are visiting is on a secure server, it should start with "https://" ("s" for security) rather than the usual "http://". Look also for a lock icon on the browser's status bar. And never, ever, volunteer your CSU, Chico User Name and Password in an email.
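For help desk or mail staff who want to apply the checklist above to a reported message automatically, here is a small added example (not CSU, Chico or ITSS code). It assumes csuchico.edu is the only trusted domain; the phrase lists, function names and sample message are constructed for illustration from the examples in the list.

```python
import re
from urllib.parse import urlsplit

# Assumption: only csuchico.edu and its subdomains count as legitimate.
TRUSTED_DOMAIN = "csuchico.edu"
BRAND = "csuchico"

# Constructed phrase patterns modelled on the checklist examples above.
PATTERNS = {
    "asks for credentials": re.compile(r"verify your (user ?name|password|account)", re.I),
    "threat or urgency": re.compile(r"\b(immediately|will be (deleted|terminated)|or else)\b", re.I),
    "generic greeting": re.compile(r"\bdear\b.*\b(customer|user)\b", re.I),
    "asks for a download": re.compile(r"\bdownload\b|update file", re.I),
}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def host_is_trusted(host):
    # Compare on a label boundary so "notcsuchico.edu" does not pass.
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def check_links(body):
    findings = []
    for url in URL_RE.findall(body):
        try:
            parts = urlsplit(url)
        except ValueError:
            findings.append(f"malformed link: {url}")
            continue
        host = parts.hostname or ""
        if not host_is_trusted(host):
            # The brand name inside a foreign host is the csuchico32.com pattern.
            kind = "lookalike domain" if BRAND in host else "external link"
            findings.append(f"{kind}: {host}")
        if parts.scheme.lower() != "https":
            findings.append(f"not https: {host}")
    return findings

def phishing_indicators(body):
    findings = [name for name, rx in PATTERNS.items() if rx.search(body)]
    return findings + check_links(body)

# Constructed sample message built from the checklist examples.
SAMPLE = """Dear CSU, Chico customer,
You've exceeded your email quota. You must click here immediately to avoid
having your account terminated: http://www.csuchico32.com/account
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

An empty result only means none of these particular patterns matched; it does not show that a message is safe.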
You can also educate yourself about identifying fraudulent messages - check out these games and quizzes for a fun way to learn more:
If you do accidentally send your CSU, Chico User Name and Password via email, immediately change your password using CSU, Chico Account Tools or call the Technology Help Desk at (530) 898-HELP (4357) so they can take action to prevent problems.