Spam and Phishing Scams

Phishing scams are attempts by hackers and cyber-criminals to steal personal information or hijack computing resources for nefarious purposes. The most common (and most successful) phishing scams are emails that appear to come from a legitimate source (for instance, CI's T&C Help Desk, your bank, eBay, PayPal) and contain a link that directs you to equally legitimate-looking web pages. These emails almost always ask you to verify some detail about your account by going to this legitimate-looking web page and entering your account credentials or other personally identifiable information.

If you provide personal information on these sites, you risk losses through fraudulent use of your credit cards or bank accounts, or even full-blown identity theft. If you give out your CI Dolphin User Name and Password, you're giving out easy access to other people’s private information.

The reality is that no bank, financial institution, or T&C is going to send this kind of request by email, because they know that it's an insecure way to transfer confidential information. These emails and websites are simply fronts for stealing your identity or using your computer's processing power to send spam. If no one ever believed them, they would stop sending them. But because there's always someone who acts on these requests, they keep coming.

Here are just a few examples of phishing attempts.

What to Look For...

IF IT LOOKS SUSPICIOUS, DELETE THE MESSAGE

To avoid becoming a victim of a phishing scam, just stop and think any time you find yourself tempted to click on a link in an email.

Do NOT respond to fraudulent emails, which often do one or more of the following:

  • Ask for sensitive information (e.g., click here to verify your username and password)
  • Contain spelling or grammatical errors, or strange wording (e.g., thank you, from trusted administrator)
  • Threaten you (e.g., do this or else your account will be deleted)
  • Contain suspicious web addresses/URLs (e.g., visit the CSU Channel Islands page by visiting: http://www.csuci32.com/account)
  • Originate from unknown or untrusted senders (e.g., From: administrator@csuci31.com)
  • Contain unexpected/inaccurate content (e.g., you've exceeded your email quota)
  • Are generically addressed (e.g., dear CSU, Channel Islands customer)
  • Ask you to download something (e.g., click here to get the necessary virus update file)
  • Express urgency (e.g., you must click here immediately to avoid having your account terminated)

Also check the web address in the address bar. If the website you are visiting is on a secure server, it should start with "https://" ("s" for secure) rather than the usual "http://". Look also for a lock icon on the browser's status bar. And never, ever, volunteer your CSU Channel Islands Dolphin User Name and Password in an email.
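
For mail administrators, several of the warning signs listed above can be checked automatically. The following Python code is an added example, not part of the original CI guidance. It treats csuci.edu (the domain of the contact addresses on this page) as the trusted domain; the BRAND string, the wording patterns, and the single-part plain-text message format are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "csuci.edu"  # domain of the contact addresses on this page
BRAND = "csuci"               # assumption: string a lookalike domain imitates
PRESSURE = re.compile(r"\b(immediately|terminated|deleted|verify your)\b", re.I)  # assumed phrases

def is_trusted(host):
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def check_host(host, where, findings):
    if host and not is_trusted(host):
        kind = "lookalike" if BRAND in host.lower() else "external"
        findings.append(f"{where}: {kind} domain {host}")

def phishing_indicators(raw):
    """Return a list of warning signs found in a raw single-part email."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    check_host(sender.rpartition("@")[2], "sender", findings)
    body = msg.get_payload()  # a str for single-part messages (assumed here)
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        parts = urlparse(url)
        check_host(parts.hostname or "", "link", findings)
        if parts.scheme != "https":
            findings.append(f"link: not HTTPS {url}")
    if PRESSURE.search(body):
        findings.append("body: urgent or threatening wording")
    if re.search(r"\bdear\b.*\bcustomer\b", body, re.I):
        findings.append("body: generic greeting")
    return findings

# Constructed sample built from the example fragments quoted in the list above.
SAMPLE = """From: administrator@csuci31.com
Subject: Account notice

Dear CSU, Channel Islands customer,
You must click here immediately to avoid having your account terminated:
http://www.csuci32.com/account
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

An empty result does not prove a message is genuine, because the From line of an email can be forged and a fraudulent site can use HTTPS.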

You can also educate yourself about identifying fraudulent messages - check out these games and quizzes for a fun way to learn more:

If you do accidentally send your CI Dolphin User Name and Password via email, immediately change your password using the myCI password reset tool or call the T&C Help Desk at (805) 437-8552 so they can take action to prevent problems.

 

Additional tips to help protect you...

1.  Never respond to emails that request personal financial information

You should be suspicious of any email that asks for your password or account information, or includes links for that purpose. Banks and e-commerce companies don't usually send such emails.

2.  Look for signs that an email is “phishy”

Phishing emails usually use a generic greeting, such as “Dear valued customer,” because the email is spam and the phisher doesn't have your name. They may also make alarming claims (e.g., that your account numbers have been stolen or lost). The email often includes misspellings or substitute characters (e.g., “1nformati0n”) in an attempt to bypass anti-spam software.

3.  Visit bank websites directly by typing the address into the address bar

Don’t follow links embedded in an unsolicited email. Phishers often use these to direct you to a bogus website. Instead, you should type the full address into the address bar in your browser.

4.  Keep a regular check on your accounts

Regularly log in to your online accounts and check your statements. If you see any suspicious transactions, report them to your bank or credit card provider.

5.  Make sure that the website you are visiting is secure

Check the web address in the address bar. If the website you are visiting is on a secure server, it should start with https:// (“s” stands for secure) rather than the usual http://. Also look for a small padlock icon on the browser’s status bar. These signs tell you that the website is using encryption.

However, even if a site is secure, there is no guarantee that it is safe, because hackers can create encrypted websites that are designed to steal personal information.

6.  Be cautious with emails and personal data

Always conduct transactions safely. Don’t let anyone know your PINs or passwords, do not write them down, and do not use the same password for all your online accounts. Don’t open or reply to spam emails as this lets the sender know that your address is valid and can be used for future scams.

7.  Keep your computer secure

Anti-spam software will prevent many phishing emails from reaching you. A firewall also helps to keep your personal information secure and block unauthorized communications. You should also run antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Keep your Internet browser up to date with the latest security patches.

8.  Always report suspicious activity

If you receive an email you suspect is not genuine, forward it to the Information Security Office at infosec@csuci.edu and to the T&C Help Desk at helpdesk@csuci.edu.

 
