Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, social security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity or both.
Scammers also use phishing emails to get access to your computer or network then they install programs like ransomware that can lock you out of important files on your computer.
This page provides examples of the phishing emails received by the campus community at large. Each example includes the actual text used to lure the user into a false sense of security and points out why the email is suspicious. Please use these examples to educate yourself on what to look for so that you do not become a victim.
GIFT CARD SCAMS
Gift cards have become a popular way for scammers to steal your money. Scammers will send you an email or a tezt message, often impersonating your coworkers or supervisor or other university official, asking you to purchase gift cards for a special event. They willl usually asking you to be discreet. Often the sender will claim to be in a meeting and unable to take calls, preventing you from calling to confirm the request.
The initial email may start out innocuously, asking if you are available, stating that they need a favor, or asking for your phone number so you can receive text messages. Once you respond, the scammer will ask you to purchase gift cards, specifying the quantity and denomination. The message will ask you to scratch off the cards to reveal the codes, take pictures of those codes, and then reply back with those pictures.
If you reply with the cards’ codes, your money is now in the hands of the scammer. Gift cards are treated as cash, and in many cases, cannot be refunded.
---Start of Email---
From: <
>
Sent: Sunday, Apr. 2024 at 2:52:52 PM
Subject: Undercover Store Shopper
Dear Students/Staff CSUN
An evaluator is someone whose job is to judge the quality, importance, amount, or value of something. We URGENTLY need to hire the service of 10 students and staff randomly to evaluate a few local stores.
Position: Discreet Shopper & Errand Carried out.
Type: Part-Time Job
Work Flexibility: 2days a week/ 2-3hrs to complete a task
Weekends: (Sunday OFF)
Working Hour: 4-6 hours a week
Weekly Payment: $550
Get paid for doing something you enjoy. Become a digital store shopper to make extra cash on the side. Well suited job for students/staff. Be an independent contractor and work on your own schedule. Bridge gaps in your finances and help the world be a better place by giving valuable data feedback to some of the biggest brands in the States. Send { I'm Interested } to {example1@gmail.com } using your personal email address such as gmail,hotmail,icloud,yahoo and not your school email so that you can effectively receive responses from us.
California State University Northridge Students Job Placement
Discreet Shopper Opportunity
$21-$23 per hr + Benefit
Student Employment Appreciation
---End of Email---
How we know it's phishing?
- Expresses urgency to an email that users did not expect.
- CSUN has no jobs positions that consist of a "Undercover Store Shopper". The description of the position as also suspiciously vague.
- The email claims to randomly select students and staff for the job. Legitimate job offers typically require applicants to go through a proper application and selection process.
- The email promises a high weekly payment ($550) for what seems like minimal work (4-6 hours a week). This is a tactic to lure people in with the promise of easy money.
- Email asks recipients to reply using their personal email addresses (e.g., gmail, hotmail, icloud, yahoo) instead of their school email. Legitimate organizations usually communicate through official channels.
When reporting a phishing or spam email to abuse@csun.edu, Information Technology will ask you to send the email as an attachment. Sending the email as an attachment allows Information Technology the ability to see full email headers, providing all the information needed to investigate the email. If you need instructions on how to send the email as an attachment, visit the How to Forward an Email as an Attachment page.
Phishing Examples
---Start of Message---
---End of Message---
How we know it's phishing?
- Help Center does not sent text messages to students.
- Help Center will never ask for a passcode.
- This message contains many errors such as spacing between words.
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Sent: Wednesday, March, 2024 5:01:30 AM
Subject: IMPORTANT CSUN MEMO FROM HR: ASSESSMENT REPORTS FOR FACULTY AND STAFF 2024
Hope this email finds you well.
I am pleased to inform you that the HR Department has recently finalized the Assessment Report for all staff members. It is imperative that you treat this matter with urgency.
Attached below, you will find the relevant file that contains your assessment report. Please open it to access the information.
CLICK HERE TO VIEW REPORTS
Thank you for your prompt attention to this matter.
--
Mars Cook
Undergraduate Student, Creative Writing
Peer Writing Specialist - Learning Resource Center
California State University, Northridge
---End of Email---
How we know it's phishing?
- Expresses urgency to an email that users did not expect.
- Sent at a time outside of common office hours; sent at 5:01AM
- Emails will not ask to "click here" or "click to unsubscribe".
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Sent: Monday, November 6, 2023 5:23:30 PM
Subject: Email confirmation
.
Click here to manage your membership or unsubscribe.
---End of Email---
*Note: The original QR code has been replaced for reference purposes only.
How we know it's phishing?
- The email does not include text, it is in an image.
- This email contains grammatical errors.
- The email asks to scan an unofficial QR code.
- Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
- Emails will not ask to "click here" or "click to unsubscribe".
---Start of Email---
From: Gxxxx , Lxxxx <xxx.xxx @csun.edu>
Sent: Sunday, January 29, 2023 7:10:29 PM
Subject: ADMINISTRATIVE ASSISTANT REMOTE JOB
Some departments are currently hiring individuals who can assist some of their visiting professors by providing basic admin duties remotely.
The successful candidate will Liaise with staff, other departments, and/or external organization concerning matters regarding assigned work as well as coordinating with the Director.
Weekly Salary:
$400 ( $350 +$50 for miscellaneous including tax)
For more Information. Contact (frank.garza### @gmail.com) with your alternative “email address” as well as your school schedule.
---End of Email---
How we know it's phishing?
- The email does not contain an official CSUN email signature.
- This email contains grammatical errors.
- The email asks to send for more information to an non-CSUN email with an alternative email address.
Examples from previous years can be found below: