Spam and Phishing Scams
Phishing scams are attempts by hackers and cybercriminals to steal personal information or hijack computing resources for nefarious purposes. The most common (and most successful) phishing scams are emails that appear to come from a legitimate source (for instance; CSU, Chico Technology Help Desk, your bank, eBay, PayPal) which contain a link that directs you to equally legitimate-looking web pages. These emails almost always ask you to verify some detail about your account by going to this legitimate-looking web page and entering your account credentials or other personally-identifiable information. If you provide personal information on these sites, you risk losses through fraudulent use of your credit cards or bank accounts, even full-blown identity theft. If you give out your CSU, Chico User Name and Password, you're giving out easy access to other people’s private information.
Remember, Chico State will NEVER ask you for your password via email! IF IT LOOKS SUSPICIOUS, DELETE THE MESSAGE.
If you do accidentally send your CSU, Chico User Name and Password via email, immediately change your password using CSU, Chico Account Tools or call the Technology Help Desk at (530) 898-HELP (4357) so they can take action to prevent problems.
You can educate yourself about identifying fraudulent messages - check out these games and quizzes for a fun way to learn more:
Here are just a few examples of phishing attempts directed at CSU, Chico users.
Phishing Website Example
Look also for a lock icon on the browser's status bar. And never, ever, volunteer your CSU, Chico User Name and Password in an email.
Phishing Email Example
Do NOT respond to fraudulent emails, which often do one or more of the following:
- Ask for sensitive information (e.g., click here to verify your username and password)
- Contain spelling, grammatical errors, or strange wording (e.g., thank you, from trusted administrator)
- Threaten you (e.g. do this or else your account will be deleted)
- Contain suspicious web addresses/URLs (e.g., visit the CSU, Chico page by visiting: http://www.csuchico32.com/account)
- Originate from unknown or untrusted senders (e.g., from: email@example.com)
- Contain unexpected/inaccurate content (e.g., you've exceeded your email quota)
- Are generically addressed (e.g., dear CSU, Chico customer)
- Ask you to download something (e.g., click here to get the necessary virus update file)
- Expresses an urgency (e.g., you must click here immediately to avoid having your account terminated)
- Check the web address in the address bar. If the website you are visiting is on a secure server, it should start with "https://" ("s" for security) rather than the usual "http://";