How to Spot a Phishing Attempt
Recent Phishing Targeting Student Email Accounts
The United States Department of Education Federal Student Aid office has identified a malicious phishing campaign that may lead to potential fraud with student refunds and aid distributions. Be vigilant when opening emails from unknown or suspicious senders.
Below is an example of a phishing email:
What is Phishing?
Phishing emails are targeted attacks that take advantage of your personal information. These emails pose a unique threat, as their high level of customization can lead them past even the best technical controls. By taking a proactive stance, we hope you’ll learn to spot and report potentially dangerous emails so we can keep our university safer.
- Ask for confidential personal information or credentials
- Often threaten immediate penalties for not following their instructions
- Often ask you to reply to an address that isn't associated with SJSU
- Provide a link that appears to be an SJSU link, but connects to a different website when it opens in your browser
SJSU does not use email for the following:
- SJSU does not send automated messages asking for your username and password.
- SJSU does not request passwords using unsecured web pages or non-university web pages. All web password requests should be at an address that starts with https:// (note the letter 's') and that includes sjsu.edu/ in the server name. Please check the URL address line in your browser for mismatches or fraudulent typos when you open a web page.
- SJSU does not send automated system warning messages that require immediate response to avoid immediate penalties. SJSU automated system warnings ideally provide a reasonable time in which to respond, and will tell you how many days or weeks you have to respond.
- SJSU does not implement automatic notification tools without informing the IT Service Desk and Desktop Support Technicians.
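The link checks described above (https, sjsu.edu in the server name, and a link whose visible text does not match where it goes) can be automated. The following is an added example, not SJSU's own tooling. It applies the stricter reading that the host must be sjsu.edu or end in .sjsu.edu, and every host name and path in the sample other than the sjsu.edu domain itself is made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "sjsu.edu"  # domain named on this page

def is_trusted_https(url, domain=TRUSTED_DOMAIN):
    """True only for https URLs whose host is the domain or a subdomain of it."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    return parts.scheme == "https" and (host == domain or host.endswith("." + domain))

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body, domain=TRUSTED_DOMAIN):
    """Return links whose visible text names the domain but whose target is not trusted."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, text) for href, text in collector.links
            if domain in text.lower() and not is_trusted_https(href, domain)]

# Constructed sample email body; subdomains, paths and non-SJSU hosts are made up.
SAMPLE = """
<p>Your account will be locked today.</p>
<a href="https://login.sjsu.edu/start">login.sjsu.edu</a>
<a href="http://login.sjsu.edu/start">login.sjsu.edu</a>
<a href="https://sjsu.edu.login.example.net/reset">https://sjsu.edu/reset</a>
<a href="https://sjsu.edu@portal.example.org/">SJSU.edu password portal</a>
"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE):
        print(f"MISMATCH  shown: {text!r}  goes to: {href}")
```

Only the first sample link passes. The others fail because of plain http, a trusted name used as a prefix of another domain, and a trusted name placed before an `@` in the address.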
Phishing Awareness Program
It seems like every time you read the news, another organization has suffered a data breach. One of the most effective ways for attackers to gain unauthorized access to an organization is through phishing emails. In fact, 91 percent of all breaches start with one of these emails, according to industry experts.
If such an email lands in one of our inboxes, you may be a click away from compromising San Jose State University’s security. To help prevent phishing attacks from being successful, the Office of Information Security has created an immersive Phishing Awareness Program for the Campus Community.
As part of this new program, you will periodically receive simulated phishing emails that imitate real attacks. These emails are designed to give you a realistic experience in a safe and controlled environment that does not put the university at risk for a security breach. You will become familiar with, and more resilient to, tactics used in real phishing attacks.
While there is no penalty if you fail to recognize one of the simulation emails, we will provide you with 30 to 60-second videos and other educational material that will help you to recognize phishing emails in the future.
As the program progresses you should be able to better spot phishing attacks, both at home and in the workplace.
If you have any questions about this training program, please contact: Information Security Office at firstname.lastname@example.org or call (408) 924-1530.
Report Phishing Emails
Although your first instinct might be to delete or ignore suspicious emails, please report them. If you ever suspect an email to be a phishing attack, use the "Report Phishing" and "Report Spam" buttons inside Google. If you think you have been compromised, email the Information Security Office at email@example.com or call (408) 924-1530. If you’ve been targeted by a phisher, chances are your coworkers have been too. By reporting suspicious emails, you can keep our campus safer.
You can also report phishing scams to the federal government using this address: firstname.lastname@example.org.
Phishing and Spam Resources
These links provide useful information about phishing.
- Email and web scams: How to help protect yourself
- Anti-Phishing Working Group
- SonicWALL Phishing IQ Test offers a fun, informative quiz to test how well you distinguish between email schemes and legitimate email.
- Phishing (Wikipedia)
Spartan Google Tips
IT offers several Spartan Google Tips about phishing and spam: