COVID-19
View the latest updates on the COVID-19 News & Information website.
Information Security

Phishing

What is Phishing?

Phishing is the act of sending an email to a user falsely claiming to be an established enterprise in attempt to scam the user into giving up private information for identity theft.

How to Spot a Phish:

  • The person that sent the email has the same name as someone at Chico State, but the email address does not end in csuchico.edu.
  • The URL shown on the email and the URL that displays when you hover over the link are different from one another.
  • The website is not secure. If you do go ahead and click on the link of an email to fill out personal information, be sure you see the “https” abbreviation as well as the lock symbol at the beginning of the URL. If not, that means any data you submit is vulnerable to cybercriminals.
  • The “From” address is an imitation of a legitimate address, especially from a business. For example, you could expect to receive campus email from csuchico.edu but email from csuchico.com is likely a phish.
  • The email, text, or voicemail is requesting that you update/fill in personal information. This is especially dubious if it’s coming from a bank or the IRS. Treat any communication asking for your credentials with extra caution.
  • The formatting and design are different from what you usually receive from an organization. Maybe the logo looks pixelated or the buttons are different colors. Or possibly there are weird paragraph breaks or extra spaces between words. If the email appears sloppy, you should be suspicious.
  • The content is badly written. Sure, there are plenty of wannabe writers working for legitimate organizations, but this email might seem particularly amateur. Are there obvious grammar errors? Is there awkward sentence structure, like perhaps it was written by a computer program or someone whose second language is English? Take a closer look.
  • A phishing email almost always sounds desperate. Whether they’re claiming that your account will be closed, an urgent request is needed, or your account has been compromised, think twice before double-clicking that link or downloading that attachment.
  • The email contains attachments from unknown sources that you were not expecting. Don’t open them, plain and simple. They might contain malware that could infect your system.

How to Deal with a Phishing Scam

  • Forward suspicious emails for us to analyze.
  • Delete emails and messages that ask you to confirm or provide personal information.
  • Do not reply, click on the links, or provide any sensitive information/user credentials.