
Phishing Examples 2014


CSUN FACULTY & STAFF DISCOUNT

---Start of Email---

Reported: October 21, 2014
Email:
Date: Tuesday, October 21, 2014
Subject: CSUN FACULTY & STAFF DISCOUNT (1)

Good Morning,

You Have 1 New Message Regarding CSUN Faculty and Staff discount 

Tracking URL: https://techsupport.csun.edu/supportcasedt.jsp?ci=discount (link has been removed) (2)

Click Here To Read (link has been removed)

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons. (3)

---End of Email---

  1. This one is a very good phishing email, or at least the body is. The subject header is in all capitals, which is a typical red flag.
  2. Emails from CSUN tech support always come with a case number and contact information. While the tracking URL is something we have used, please be advised that email from CSUN Tech Support will also include a case number of some sort.
  3. This email is supposedly about faculty and staff discounts yet it includes a line about resetting your password. This is a red flag. 

 


Unpaid Invoic (.pdf)

---Start of Email---

Reported: October 15, 2014
Email:
Date: October 15, 2014
Subject: Unpaid Invoic

Email example noted in this .pdf alert sent by the National Cybersecurity and Communications Integration Center: http://www.csun.edu/sites/default/files/unpaid-invoic-example-101514.pdf (.pdf) (1)

---End of Email---

  1. What follows is a report about a phishing email sent out to multiple government agencies. The link to the PDF is a link to the report done by the National Cybersecurity and Communications Integration Center. The .pdf example below includes the actual wording from the email received. Review the document to see why this email was suspicious. 
  2. Also note that the actual email's subject line of "Unpaid Invoic" is not spelled correctly. This is an immediate red flag. 

 


IT Help Center :- Good Morning

---Start of Email---

Reported: October 15, 2014
Email:
Date: Wednesday, October 15, 2014
Subject: It Help Center :- God Morning

Good Morning, (1)

CSUN email delivery to several CSUN faculty and staff mailboxes, including your mailbox, was temporarily disrupted yesterday, Tuesday, October 14 2014 between 4:00am and 9:45 am. (2) Consequently, messages sent to your CSUN email account between those hours may have been delivered to a sub-folder under your email account named "Sync Issues/Server Failures," instead of your Inbox. To view these messages, please follow the link included below. 

Tracking URL: https://techsupport.csun.edu/supportcasedt.jsp?ci=1unreadmessage (link has been removed)

Click Here To Read (link has been removed)

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

---End of Email---

This email goes out of its way to seem legitimate. 

  1. This email is not addressed to you specifically. Generic greetings, while not a sure sign of a phishing attempt, are definitely reasons for suspicion. 
  2. This email is stating that something took place the previous day. If such an event did not take place then this should immediately raise a red flag. 
  3. This is something you can check. If you see the cc list in the email, or just see who it was sent to, see if it was sent to you specifically or if it was sent to a mailing list. You should still be suspicious even if it WAS sent to an official CSUN mailing list, but a discrepancy like this is something to watch out for.

 


Tech Support :-  [CASE #4298000]

---Start of Email---

Reported: October 14, 2014
Email:
Date: Tuesday, October 14, 2014
Subject: Tech Support :- [Case #4298000](1)

Dear Member, (2)

You have a new request and your case number is 4298000. Your request has been submitted to our Support team and one of our staff members will process your request as soon as possible. 

Listed below are details of this case. 

Case: New 365 Update 
Case#: 4298000 (3)
Tracking URL: https://techsupport.csun.edu/supportcasedt.jsp?ci=349400&ck=4zBXVHG2 (link has been removed)

Click Here To Read

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

Regards,

IT Help Center.

California State University, Northridge ® . (4)
18111 Nordhoff Street, Northridge, CA 91330 

---End of Email---

  1. Another email that seems to do a really good job at imitating tech support cases from CSUN. Ask yourself if such a case could actually exist.
  2. As before, be wary of emails that address you informally or generically. Typically speaking, emails from CSUN tech support will address you personally.
  3. It seems to very closely mimic the format typical of our case updates. If you are unfamiliar with a case being made in your name, do not hesitate to actually contact the IT Help Center with the case number given to you.
  4. The signature line of this email is not typical of what the campus would use.

 


Avoid Fraudulent Email Messages

---Start of Email---

Reported: October 5, 2014
Email:
Date: Sunday, October 5, 2014
Subject: Avoid Fraudulent Email Messages

Dear Member, (1)

CSUN faculty and staff continue to be targeted by fraudulent email messages. We are taking actions to help reduce the effects of these "phishing" email attacks. As an example, CSUN implemented a solution that checks incoming email from off-campus accounts with web links with fraudulent characteristics. If the solution detects fraudulent characteristics, and the user clicks one of these links, they will be directed to a page indicating the website has been blocked. 

CSUN also implemented a solution that specializes in detecting and preventing incoming phishing attacks from non-CSUN email addresses has been implemented and now blocks approximately 60,000 fraudulent messages every month.

We have upgraded our CSUN account database and we are providing a security system to prevent all CSUN account users from spammers and hackers. (2)

Due to This All Faculty & Staff users are subject to a 365 Online Upgrade. 

Tracking URL: https://techsupport.csun.edu/verification.jsp?ci=349447&ck=4zBXVHG2 (link has been removed)

Click Here To Begin (link has been removed) (3)

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-627-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

---End of Email---

  1. Be careful of any email that addresses you informally and vaguely. Additionally, incidents that affect the campus as a whole will typically also end up on the Current Service Interruptions page. If you have questions about an email, please contact the IT Help Center.
  2. Vague “upgrades” to the system should raise red flags. Upgrades happen all the time. They do not require you to validate your account.
  3. This email included a link that was removed in this example. Do not click on any links unless you can verify their source. 

 


Tech Support :- Case Number [CASE #4298431]

---Start of Email---

Reported: October 3, 2014
Email:
Date: Friday, October 3, 2014
Subject: Tech Support:- Case Number [CASE#4298431](1)

You have a new request and your case number is 4298431. Your request has been submitted to our Support team and one of our staff members will process your request as soon as possible. (2)

Listed below are details of this case. 

Case: migration to Office 365 
Case#: 4298431 (3)
Tracking URL: https://techsupport.csun.edu/supportcasedt.jsp?ci=349447&ck=4zBXVHG2  (link has been removed). Click Here To Read (link has been removed).

Forgot your password? To reset your password, please visit www.csun.edu and click on the "forgot password" link under the myNorthridge Portal Login drop-down menu. You may also call 818-677-1400 or visit the IT Help Center in the Oviatt Library, First Floor, Learning Commons.

---End of Email---

  1. This is another email that seems to do a really good job at imitating tech support cases from CSUN. Ask yourself if such a case could actually exist.
  2. Be wary of emails that address you informally or generically. Typically speaking, emails from CSUN tech support will address you personally.
  3. It seems to very closely mimic the format typical of our case updates. If you are unfamiliar with a case being made in your name, do not hesitate to actually contact the IT Help Center with the case number given to you.

 


CSUN Technical Support

---Start of Email---

Reported: October 3, 2014
Email:
Date: Friday, October 3, 2014
Subject: CSUN Technical Support

You have a new request (1)
and your case number is 4298431. (1)

Click Here To view message. (link has been removed)

California State University, Northridge ®
18111 Nordhoff Street, Northridge.

---End of Email---

  1. This email is extremely vague. With these sorts of emails, we recommend that you contact the IT Help Center with the case number provided to see if it is legitimate or not.

 


Your Email Account

---Start of Email---

Reported: October 2, 2014
Email:
Date: Thursday, October 2, 2014
Subject: Your Email Account

Attention CSUN Email User (1)

Your Incident ID is: 170329 

This is an automated message to notify you that our technical team detected an attempt to access your email account from an unrecognized device on Monday, October 1, 2014 22:33 PM BET. 

Location: Asia, Malaysia 
IP Address: 89.187.182.01 

Was this You? If yes kindly ignore this message. 
If this wasn't you , We recommend that you CLICK HERE (link has been removed) to fill in details and register your current IP address in our database, as this will improve security in your email account and also against any further spam or virus contained email sent to you. (2)

Sincerely,

CSUN Email Services, (3)
California State University,
18111 Nordhoff Street,
Northridge, CA 91330
Phone: (818) 677-1200
Email:    
[---001:000564:57449---]

---End of Email---

  1. The manner used to address you is off. Typically speaking, CSUN emails will address you personally.
  2. Immediate calls to action in all caps tend to be there specifically to get your attention and force you to open a link. Try to hover over these to see where they go. If you doubt the email's validity, contact the IT Help Center with the ID you are given and they will help you determine if the email is valid. 
  3. The signature line of this email is not typical of what the campus would use. 

 


IT Help Center - Your CSUN Email Account Password Is About to Expire

---Start of Email---

Reported: September 29, 2014
Email:
Date: Monday, September 29, 2014
Subject: IT Help Center - your CSUN Email Account Password is about to expire (1)

Dear Member, (2)

Your CSUN Email Account Password is about to expire.

Click on the link below to Validate Your Password (3)

http://outlook.com/owa/mycsunemail/account/password-Validation (link has been removed)

Please contact the IT Help Center or your local technical support staff. For answers to frequently asked questions, visit the or in person, Oviatt Library, Room 33..

Regards,

IT Help Center

California State University, Northridge ®
18111 Nordhoff Street, Northridge, CA 91330 

---End of Email---

  1. This email header is familiar to all CSUN users. If the subject seems unfamiliar, compare it to previous versions of this email you may have received.
  2. The email addresses you vaguely. Typically speaking, official CSUN emails will refer to you personally.
  3. “Validating your password” is not a real action you can do. This should immediately raise a red flag. 

 


IT Help Desk - Your Email Account has been Temporarily Suspended :

---Start of Email---

Reported: September 28, 2014
Email:
Date: Sunday, September 28, 2014
Subject: IT Help Desk - Your Email Account has been Temporarily Suspended: (1)

There will be difficult challenges to Log-on into Your Csun Email Account, (2)
due to current upgrade on our Secured Server to all webmail user. (2)
Hence, Your CSUN account password have been Reset OR Changed. (2)

Please Click here - Validate Your Password (link has been removed)

Thank you,
IT Help Desk

© CSU Northridge, All Rights Reserved. 

---End of Email---

  1. If you view an email like this from your CSUN email account, you can immediately dismiss the email as fraudulent because your account has not been suspended if you are using it to read the email. If viewing this email from a personal email account, you can dismiss this email quickly by logging in to your CSUN email account to see if it's still active. 
  2. The lack of proper grammar should make you feel a little suspicious. 

 


New Message

---Start of Email---

Reported: September 26, 2014
Email:
Date: Friday, September 26, 2014
Subject: New Message (1)

Dear Member, (2)

You Have 1 New Message

Click Here To Read (link has been removed) (3)

Regards,

IT Help Center

© 2014 California State University, Northridge
18111 Nordhoff Street, Northridge, CA 91330

---End of Email---

  1. The message’s subject has no indication of an actual issue. Had there been an important specific issue, it would have given an indication as to what you needed to know.
  2. The greeting does not address you specifically. This is especially suspicious given that you are apparently receiving notifications about a message specially meant for you.
  3. The message indicates that you need to click on a link to view the message. It is recommended that you visit the actual application to view any messages that you may have. 

 


Some CSUN Webpages Unavailable – Portal and Webmail Access is Available

---Start of Email---

Reported: September 26, 2014
Email:
Date: Friday, September 26, 2014
Subject: Some CSUN webpages unavailable- Portal and Webmail access is available

Hello (1)

Some university webpages are currently unavailable. 
Please monitor this web page for additional information and status updates. (2) (3)
We are working to resolve the issues as quickly as possible. 

Click here to confirm your access (link has been removed) (4)

Thank you,
IT Help Desk

---End of Email---

  1. This email addresses you both informally and vaguely. Even if an email from campus officials does not address you specifically, it will still be formal.
  2. Technical outages are normally reported on the IT Current Service Interruptions page. If you receive an email that is reporting outages and asking you to click on a specific link for more info, make sure you double-check if the link is legit. 
  3. The email asks you to visit a link that lets you ‘monitor … for additional information and status updates’ but then states the link at the bottom is to ‘confirm your access’. Minor discrepancies are key to picking apart phishing emails.
  4. CSUN would not ask you to “confirm your access”.

 


Your CSUN Account Password is About to Expire

---Start of Email---

Reported: September 25, 2014
Email:
Date: Thursday, September 25, 2014
Subject: Your CSUN account password is about to expire

Dear Member, (1)

Your CSUN account password Will Expire Today Thursday 25 September 2014

Click Here To Renew

www.csun.edu/account/password-renew (link has been removed) (2)

Please contact the IT Help Center or your local technical support staff. For answers to frequently asked questions, visit the or in person, Oviatt Library, Room 33..

Regards,

IT Help Center

California State University, Northridge ®
18111 Nordhoff Street, Northridge, CA 91330 

---End of Email---

  1. Official CSUN emails will address you personally.
  2. The link currently being shown is a real csun.edu webpage, HOWEVER, if you feel suspicious about an email directing you somewhere, hover over the link to see where it goes. It is possible to have the text say it will go one place, when it actually is directing you somewhere else.
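
The check in note 2 above (link text that names one site while the link goes to another), combined with the all-caps-subject and generic-greeting red flags noted throughout this page, as an added Python example; it is not CSUN's own tooling. The greeting list comes from the emails shown here, while the sample message and the `example.net` host are constructed.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Greetings the example emails on this page use in place of a name.
GENERIC_GREETINGS = ("dear member", "dear user", "attention csun email user")
# Visible link text that itself looks like a URL or bare hostname.
SHOWN_HOST = re.compile(r"^\s*(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


class BodyParser(HTMLParser):
    """Collects the visible text and every (href, link text) pair."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def _bare(host):
    """Lower-case a hostname and drop a leading 'www.' before comparing."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def red_flags(raw_email):
    """Return the red flags found in one raw RFC 5322 message, in check order."""
    msg = message_from_string(raw_email, policy=policy.default)
    flags = []
    letters = [c for c in str(msg.get("Subject", "")) if c.isalpha()]
    if letters and all(c.isupper() for c in letters):
        flags.append("all-caps subject")

    part = msg.get_body(preferencelist=("html", "plain"))
    parser = BodyParser()
    parser.feed(part.get_content() if part is not None else "")
    lines = [ln.strip() for ln in "".join(parser.text).splitlines() if ln.strip()]
    first = lines[0].lower() if lines else ""
    hit = next((g for g in GENERIC_GREETINGS if first.startswith(g)), None)
    if hit:
        flags.append(f"generic greeting: {hit}")

    for href, label in parser.links:
        try:
            target = _bare(urlsplit(href).hostname)  # where the click really goes
        except ValueError:  # malformed href: nothing to compare
            continue
        shown = SHOWN_HOST.match(label)
        if shown and target and _bare(shown.group(1)) != target:
            flags.append(f"link text shows {_bare(shown.group(1))} but goes to {target}")
    return flags


# Constructed sample modelled on the password-expiry email; example.net is a placeholder.
PHISH = """\
Subject: ACCOUNT UPDATE NOTICE
Content-Type: text/html; charset="us-ascii"

<p>Dear Member,</p>
<p><a href="http://login.example.net/renew">www.csun.edu/account/password-renew</a></p>
"""

if __name__ == "__main__":
    print(red_flags(PHISH))
```

A link labelled only "Click Here" gives the mismatch check nothing to compare, so its target still has to be inspected by hovering or by reading the `href` directly.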

 


CSUN Faculty & Staff News

---Start of Email---

Reported: September 23, 2014
Email:
Date: Tuesday, September 23, 2014
Subject: CSUN Faculty & Staff News

You are receiving this email because you are listed as the owner of the CSUN email accounts that are about to be migrated to the new cloud-based email environment, Office 365 (2). In addition to providing a more stable email environment, Office 365 offers an enhanced interface for Webmail (2) users, especially for Mac users. This email outlines key information about the migration and its impact on this account. 

The migration for these email accounts to Office 365 will occur between Today Tuesday, September 23 and Friday, 27. (2) If there is a large amount of email in these account (1), the migration may complete after business hours; in that case, the accounts will be available by following the directions below. (1)
  
Prior to the migration, we recommend emptying the junk mail folder and any deleted items because this will help speed up the migration process.
 
How will you be impacted during the migration?

  • During the upgrade/migration, you will be able to send and receive email; however, there are some changes you will need to make after the email accounts are migrated.
  • If the account has voice mail, you may notice a delay in the delivery of voice mail messages to this email account; this will not impact accessing these messages through the campus phone system.

How will you be impacted after the migration?

  • You will need to use your full CSUN email addresses of these accounts to sign in; you do not have to change the password.
  • If you use Webmail, you will need to access Webmail using the new Faculty & Staff Migrated to Office 365 button, logging in to the email accounts with the full CSUN email address (as listed above), and then selecting the Outlook link in the top right corner. Note that the old CSUN Webmail button will no longer work after the accounts has been migrated.
  • If you use Outlook to access these email accounts, once the migrations are complete you may see a one-time pop-up asking you to quit and restart Outlook before it successfully connects to the new mailboxes.
  • If you access these CSUN email accounts from an email client other than Outlook (e.g. Apple Mail, Thunderbird) or a mobile device (e.g. smartphone, tablet) , you will need to reconfigure the server name settings using the directions on the web page, Accessing CSUN Email After the Upgrade.
  • You may experience temporary slowness immediately after these email accounts are migrated while it synchronizes with the new environment. However, if the email accounts remain slow for more than a day after it has been migrated, please contact the IT Help Center.

Click Here To Migrate (link has been removed) (3)

Where can I get help? 
Please contact the IT Help Center or your local technical support staff. For answers to frequently asked questions, visit the Faculty and Staff Email Upgrade page. (links have been removed) (4)

---End of Email---

This phishing attempt is more elaborate than usual. The sender most likely copied some language directly from CSUN emails or policies.

  1. Some of the language is off. Though not necessarily something of concern, it should stir some suspicion. 
  2. This email actually references products used on campus but the user is given very little notice to act. This is typically a red flag. 
  3. The email asks you to click on a link to migrate your email, which has been removed in this example. In the actual email, the hovered-over link had a suspicious URL. Do not click on any links unless you can confirm the end result. 
  4. This email asks the user to contact the IT Help Center, a real department on campus, but points users to a suspicious page. 

 


FW: ACCOUNT UPDATE NOTICE

---Start of Email---

Reported: September 23, 2014
Email:
Date: Tuesday, September 23, 2014
Subject: FW: ACCOUNT UPDATE NOTICE (1)

Attachment titled WEBMAIL MAINTENANCE NOTICE.pdf (removed)

Engineering and Physical Sciences Research Council (EPSRC) - Pioneering research and skills

For pioneering science and engineering stories, download the EPSRC Growth App or visit the case studies page on our website.

_______________________________________________________________
This message has been scanned by the iCritical Email Security Service. For more information please visit http://www.icritical.com (link removed) (2)

---End of Email---

  1. The email sent to you has a subject header that is sent in all caps. This is unprofessional and should alert you to this email potentially being a threat.
  2. Critical email security is not a service that actually exists. Typically speaking, a service that runs in the background to check emails or the like will not show end users (you) their scan results. This is generally suspicious. 

 


Your CSU, Northridge Account Password is About to Expire

---Start of Email---

Reported: September 22, 2014
Email:
Date: Monday, September 22, 2014
Subject: Your CSU, Northridge account password is about to expire.

 

Dear Member, (1)

Your CSUN account password Will Expire Today Monday 22 September 2014

Click Here To Renew (link has been removed) (2)

Please contact the IT Help Center or your local technical support staff. For answers to frequently asked questions, visit the or in person, Oviatt Library, Room 33..

Regards,

IT Help Center

California State University, Northridge ®
18111 Nordhoff Street, Northridge, CA 91330 

---End of Email---

  1. The email addresses you informally and vaguely. If a CSUN email addresses you, it will either include your name or omit the greeting altogether.
  2. Be very careful of clicking on links. Most email clients show you where the link goes when you hover over it. 

 


FW FYI: MAINTENANCE NOTICE

---Start of Email---

Reported: September 19, 2014
Email:
Date: Friday, September 19, 2014
Subject: FW FYI: MAINTENANCE NOTICE (1)

Attachment titled WEBMAIL MAINTENANCE NOTICE.pdf (removed) (1)

---End of Email---

  1. The email is almost entirely in all caps. An official email from a professional company typically will take time to explain why they need you to look at this email, instead of getting your attention this way. Even advertisements only highlight specific portions of their email or subject header.

 


Account Verification Notice

---Start of Email---

Reported: September 18, 2014
Email:
Date: Thursday, September 18, 2014
Subject: Account Verification Notice

Dear User, (1)

Due to system error's Your webmail needs to be verified today. (2)

Verify Now (link has been removed) (3)

Regards,
CSUN

---End of Email---

  1. Technical support emails in general will not address you simply as “user”.
  2. The only complete sentence in the email has typos and grammatical errors. This should immediately raise a red flag. 
  3. As always, be wary of any link that you do not know the end destination of.

 


IT Help Center :- New Message

---Start of Email---

Reported: September 17, 2014
Email:
Date: Wednesday, September 17, 2014
Subject: IT Help Center :- New message

Dear Member, (1)

You Have 1 New Message (2)

Click Here To Read (link removed)

Regards,

IT Help Center

© 2014 California State University, Northridge
18111 Nordhoff Street, Northridge, CA 91330 

---End of Email---

  1. “Member” is more appropriate for a gym trying to reach out to you about overdue membership fees. It is not a way that we at CSUN would refer to you in an email.
  2. Even if you did have a message, there would be some information as to who sent it and why, for the sake of authenticity.

 


<no subject> 

---Start of Email---

Reported: September 17, 2014
Email:
Date: Wednesday, September 17, 2014
Subject: <no subject> (1)

Can i discuss a transaction with you. 

wilson mak sen (2)

---End of Email---

  1. This email was sent to our lists as shown to you. There was a link at one point, which has been removed. There is no subject header, which is contradictory to the reason for the email. A transaction is typically something important enough to warrant putting something in the subject for you to read.
  2. The signature line of the email is suspicious and not typical of a legitimate email. 
  3. If you are completely unsure who someone is, be wary of an email coming your way. This is also a good time to mention: even if the email claims to be from someone you know, it may be an attempt to get information from you by pretending to be someone important.

 


Verify Your Webmail Account Now

---Start of Email---

Reported: September 16, 2014
Email:
Date: Tuesday, September 16, 2014
Subject: Verify Your Webmail Account Now

This email is being sent to you because of violation security breach that was detected by our servers. (1) (2)
Our server detected that one of the messages you received from a contact has already infected your mail with a dangerous virus.

Please follow the link below to perform maintenance work needed to improve the protection of the email for us to verify and have your account
cleared against this virus.

http://www.csun.edu/maitenance/verification/ (link has been removed) (3)

thanks
CSUN
© California State University, Northridge 

---End of Email---

  1. No formal greeting. 
  2. As a whole, the general tone of the email is unprofessional, and slightly off grammatically. 
  3. It’s doubtful CSUN would misspell “maintenance” on an official webpage's URL.