Thanksgiving Recess

Contact Us

CSUN Information Technology


Monday to Friday, 8am to 5pm

Faculty Technology Center
(818) 677-3443

IT Help Center
(818) 677-1400

Information Security
(818) 677-6100

Universal Design Center
(818) 677-5898

Classroom Support
(818) 677-1500

Send email

Check our social media for changes and updates.

  

instagram icon Twitter  

Spear Phishing Bulletin

Financially Focused Spear Phishing 

Spear phishing is another form of phishing that targets specific people, threat actors target organizations and companies in an attempt to retrieve sensitive information. Threat actors have utilized social engineering as their main tool to get the user to allow them to view sensitive information. Since September 2019, the Cal-CSIC (California Security Integration Center) has collected several cases of spear phishing that were used to conduct fraudulent financial actives. For more information on other phishing tactics visit Anti-Phishing

Threat actors use various tactics and techniques for financial gain: ransomware, ATM fraud, card skimming, and financially motivated attacks. 

Tactics used by Threat Actors 

  • Actors open "fake" email accounts using Google, ProtonMail, Yandex, iCloud, etc. 
  • The actors will create a fake email using fake or captured information requesting an urgent change in payroll information or allotment information.
  • The emails sent by these actors will contain several grammatical errors indicating their illegitimacy as real emails. 

Examples are shown below:

Spear Phishing Email Example
  • Copies of blank checks will have incorrect character typeset ex. different font, bolded text, name placement, and malformed checked number.
Spear Phishing Example Blank Check
  • Direct Deposit or change request lacks information such as social security number or financial institution address.
Spear Phishing Direct Deposit Example

Spear Phishing Vs. Phishing

Spear Phishing can be confused with phishing; however, the main difference between the two are the targets. Phishing targets masses of people in the hopes that someone will share their information, while spear phishing targets certain people and organizations. The threat actor will send emails based on the interests of the person they are trying to phish. Due to spear-phishing targeting a certain person, the emails they send might be difficult to identify.  

How To Minimize Risk for Spear Phishing 

  • Ensure the sender's name and email are correct (hover the mouse over an email address to view the actual sender's address).
  • Review email for grammatical errors.
  • Review financial institution information for completeness and correctness.
  • Review personally identifiable information such as SSN and review signature against current records. 
  • If the phishing email is from someone you know check with them to validate the email (Phone call or in person).

Actions You Can Take

  • Do NOT respond to a questionable sender. 
  • Immediately report suspicious requests to your Information Security Officer.
  • Report the incident to abuse@csun.edu (Foward original email as an attachment)

Contact Us

CSUN Information Technology


Monday to Friday, 8am to 5pm

Faculty Technology Center
(818) 677-3443

IT Help Center
(818) 677-1400

Information Security
(818) 677-6100

Universal Design Center
(818) 677-5898

Classroom Support
(818) 677-1500

Send email

Check our social media for changes and updates.

  

instagram icon Twitter  
Scroll back to the top of the page