Information Security Updates

Stay up to date with Informatiion Security

How to Identify and Report Phishing Scams

 

Avoid Phishing Emails, Fake Alerts and Phony Support Calls

 

Phishing is the act of fraudulently obtaining personal information. Fake emails, pop-up ads and phone calls are used to trick us into sharing personal information.  If you see a message while browsing the web that your computer has a virus or someone claiming to be from technical support calls and asks for personal information, you’re likely the target of a scam.  

 

Please refer to the tips noted below to avoid phishing emails and scams.

 

Display Name Spoofing.  Check the email address of the sender.

Fake emails display the name of a key contact or someone you know, but the email address is incorrect. Check the full email address rather than looking only at the display name. 

 

For example: Last year some employees received a fake email supposedly sent by our own President Castro. The spoofed display name was “ joseph I castro “. Upon closer inspection, the sender’s email address “<presidentjic.csufresno.edu@gmail.com>” was incorrect.

 

At times, you can determine if a message is phishing or spam by closely looking at the sender’s email address.  If the sender's email address is hidden, has a bunch of numbers or is from a domain you don't recognize (the part after the "@") then the email is likely phishing or spam.

 

Pop-up Alerts or Ads

When you browse the web, you might see a pop-up ad or a page warning you about a problem with your computer. The pop-up might appear to be from a legitimate company, but is in fact a fake.These fake alerts and pop-ups are designed to trick you into calling a phony support number or buying an app that claims to fix the issue. Don’t call the number. Simply close the browser window. 

 

Suspicious Phone Calls or Voicemails

Scammers use sweet talk and fear to pressure you into giving them information. Always verify the caller's identity before you provide any personal information.  

 

Phishing Emails and Text Messages 

Scammers use email that appears to be from legitimate companies to trick you into entering personal information.  Never follow links or open attachments in suspicious or unsolicited messages. If you need to change or update personal information, contact the company directly. 

 

Did you know? 

  • Emails from a VIP asking to do an urgent wire transfer or buy some gift cards are scams!
  • No one from Microsoft or Apple is going to call you about your computer that has a virus!
  • The IRS isn't going to call you and threaten legal action, unless you pay them using gift cards!

These signs can help you identify phishing scams:

  • The message always has a sense of urgency.
  • The message requests personal information, like an account password or credit card number.
  • The message is unsolicited and contains an attachment.
  • The message requests you purchase gift cards as payment.
  • The message starts with a generic greeting, like “Dear customer.” Most legitimate companies will include your name in their messages to you.

 

Do not react to scare tactics. 

All of these attacks rely on scare tactics to manipulate the recipient, such as lawsuits, computer viruses or missing out on a great interest rate. Don't fall for it!

 

Practice common sense.

If something seems suspicious it probably is and should be treated with caution. If you are ever uncertain, please contact the Technology Service Desk at 278-5000 for assistance.

 

How to report phishing attempts and other suspicious messages:

To report a suspicious email, forward the message to Technology Services – Information Security (reportphishing@csufresno.edu) - with complete information. This email address is monitored by the Information Security team, but you might not receive a reply to your report.

 

In Google Mail:

  • Open the message you would like to view
  • Click the three vertical dots " " next to reply
  • Select “Show original” - the original message will show in a new browser tab
  • Click the "Copy to Clipboard" button to copy the entire message
  • Close the browser tab containing the original message
  • Compose a new email message and add the "To" address (e.g. reportphishing@csufresno.edu  )
  • Paste the copied text into the new message
  • Send the message

 

How to mark phishing and other suspicious messages as spam in Gmail:

Within Google Mail:

  • On a computer, go to Gmail.
  • Open the message.
  • Click the three vertical dots " " next to reply.   Note: If you are using classic Gmail, click the Down arrow.
  • Click Report phishing.

 

Visit our Information Security page for additional information on how to report phishing attempts or other suspicious messages. 

 

Sincerely,
Technology Services - Information Security

 

Past Updates 

Data Privacy Day

Data Privacy Day is January 28, 2020.  Data Privacy Day is an international effort to empower individuals and encourage organizations to respect privacy, safeguard data and enable trust.

 

Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day aims to inspire dialogue and empower individuals and organizations to act.

 

Tips for protecting your privacy rights 

  • Know your privacy rights so you understand when something doesn’t seem right and where you can go for help. 
  • Ask why your information is being collected so you understand how it will be used. 
  • Read privacy policies and collection notices to make sure you’re comfortable with how your information will be used. Read Fresno State’s Online Privacy Notice at http://www.fresnostate.edu/home/online-privacy-notice.html 

Personal information is like money.  Value it.  Protect it.

Your mobile devices (e.g. smartphones, laptops, wearables, etc.) are always within easy reach everywhere you go and those devices have or share substantial information about you.  Follow these basic privacy tips to help you better manage your personal information.

  • Secure your devices: Use strong passphrases, passcodes or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.
  • Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps.
  • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.
  • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection on the go.

Keep A Clean Machine

  • Keep your mobile phone and apps up to date: Your mobile devices are just as vulnerable as your PC or laptop. Having the most up-to-date security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.
  • Delete when done: Many of us download apps for specific purposes, such as planning a vacation, and no longer need them afterwards, or we may have previously downloaded apps that are no longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use.

Update Your Privacy Settings

  • Want to view or change your privacy/security settings on your device or online service, but don’t know where to find them for your device?  Use the direct links from your vendor’s device and online service to update your privacy settings.