Spotting a Phishing Attempt

What You Need to Know

How to Spot a Phishing Attempt

Phishing, a security threat that is never far away.

  • During a phishing attack, a scammer disguises their email to look like a legitimate message from a colleague or company in an attempt to trick you.
  • The goal of the phishing email is to have you click on a link or open an attachment that will ask you for sensitive or confidential information.
  • Phishing emails often:
    • Ask for confidential personal information or credentials.
    • Threaten immediate penalties for not following their instructions.
    • Ask you to reply to an address that isn't associated with SJSU.
    • Provide a link that appears to be a SJSU link, but connects to a different website when it opens in your browser.

What You Need to Do

Sign up for DuoTwo-Factor Authentication (2FA)

  • Duo 2FA helps keep your account safe.
  • It helps protect you when somebody attempts to access your account through Okta single sign-on or other Duo-integrated apps (such as a VPN client).
  • Visit our Multi-Factor Authentication page for more information.

Impersonation Alerts

Screenshot of a phishing email with a warning from Gmail.

  • Impersonation alerts automatically help remind you to be vigilant about suspicious emails.
  • They are available on the Gmail website and in the Gmail apps for iOS and Android.
  • Impersonation alerts work best when you’re using your SJSU email account for university-related communication.

Stay Vigilant

  • The single best way to protect yourself is to stay vigilant and use common sense.
  • Often phishers will impersonate figures of higher authority, like your boss, your teacher or the head of your organization.
  • But if you ask yourself, “When’s the last time the President emailed me directly?” and the answer is “Never,” that should raise a red flag.
  • Bad grammar, poor punctuation, misspelled words, and funny looking email addresses should also raise a red flag.
  • If you see these kinds of suspicious emails, or have any concerns at all, its better to be safe than sorry! Use the Report Phishing feature in Gmail.

What Happens if You Don’t Act

Phishing email or falling victim to a phishing attack has a massively damaging effect on productivity, data loss, and reputational damage. Please stay vigilant!

Additional Resources

Education yourself about Phishing Schemes

Support: Need Help or Have Questions

Open a help ticket.