SJSU is a regular target of "phishing" schemes: e-mailed attempts to trick employees and students into revealing usernames and passwords to unknown third parties. These e-mail messages may be simple and primitive, or they may be skilled forgeries based on real e-mail notifications.
How do you recognize a "phishing" scheme?
Phishing schemes ask for confidential personal data, like your password, in e-mail.
Phishing schemes often threaten immediate penalties for not following their instructions.
Phishing schemes often ask you to reply to an address that isn't associated with SJSU or the agency the message claims to be from.
Phishing schemes often supply a web link that appears to be an SJSU link, but connects to a different website when it opens in your browser.
What don't SJSU and other legitimate agencies do via e-mail and the web?
SJSU does not send automated messages asking for your username and password. Internet mail distribution is not secure enough to be trusted for this purpose.
SJSU does not request passwords using unsecured web pages or non-University web pages. All web password requests should be at an address that starts with "https://" (note the letter "s") and that includes "sjsu.edu/" in the server name. Please check the "Address" line in your browser for mismatches or fraudulent typos when you open a web page.
SJSU does not send automated system warning messages that require immediate response to avoid immediate penalties. SJSU automated system warnings ideally provide a reasonable time in which to respond, and will tell you how many days or weeks you have to respond.
SJSU does not implement automatic notification tools without informing the helpdesks and desktop support technicians.
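The address check described above ("https://" plus "sjsu.edu" in the server name) and the link-mismatch warning sign, as an added example that is not SJSU's own code. The function names and sample URLs are constructed for illustration, and accepting any subdomain of sjsu.edu is an assumption.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "sjsu.edu"  # the domain named on this page


def is_sjsu_login_url(url: str) -> bool:
    """True only for https:// URLs whose server name is sjsu.edu or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any "user@" prefix and ":port" suffix
    except ValueError:
        return False  # malformed address: treat as untrusted
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".").lower()
    # Compare the END of the server name; "sjsu.edu" appearing anywhere else
    # (as a leading label, before an "@", or in the path) does not count.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def link_mismatch(display_text: str, href: str) -> bool:
    """True when the visible link text looks like SJSU but the real target is not."""
    looks_sjsu = TRUSTED_DOMAIN in display_text.lower()
    return looks_sjsu and not is_sjsu_login_url(href)


# Constructed sample addresses (not taken from real messages).
SAMPLES = [
    "https://portal.sjsu.edu/login",       # https and a subdomain of sjsu.edu
    "http://portal.sjsu.edu/login",        # right server, but not https
    "https://sjsu.edu.example.com/login",  # real server is example.com
    "https://sjsu.edu@example.com/login",  # text before "@" is not the server
    "https://example.com/sjsu.edu/login",  # sjsu.edu only appears in the path
    "https://notsjsu.edu/login",           # different domain ending in the same letters
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "ok" if is_sjsu_login_url(url) else "DO NOT ENTER PASSWORD"
        print(f"{verdict:22} {url}")
    print(link_mismatch("https://portal.sjsu.edu/login",
                        "https://sjsu.edu.example.com/login"))
```
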
Some resources to use in education about phishing attempts: