Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, social security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity or both.
Scammers also use phishing emails to get access to your computer or network then they install programs like ransomware that can lock you out of important files on your computer.
This page provides examples of the phishing emails received by the campus community at large. Each example includes the actual text used to lure the user into a false sense of security and points out why the email is suspicious. Please use these examples to educate yourself on what to look for so that you do not become a victim.
GIFT CARD SCAMS
Gift cards have become a popular way for scammers to steal your money. Scammers will send you an email or a tezt message, often impersonating your coworkers or supervisor or other university official, asking you to purchase gift cards for a special event. They willl usually asking you to be discreet. Often the sender will claim to be in a meeting and unable to take calls, preventing you from calling to confirm the request.
The initial email may start out innocuously, asking if you are available, stating that they need a favor, or asking for your phone number so you can receive text messages. Once you respond, the scammer will ask you to purchase gift cards, specifying the quantity and denomination. The message will ask you to scratch off the cards to reveal the codes, take pictures of those codes, and then reply back with those pictures.
If you reply with the cards’ codes, your money is now in the hands of the scammer. Gift cards are treated as cash, and in many cases, cannot be refunded.
HOW CAN I SPOT THESE SCAMS?
In most cases, the sender information is falsified to make it appear to be coming from a CSUN mail address. Remember: Pay close attention to the sender’s address. If on a mobile device, tap the sender’s name to reveal the actual email address. If the sender’s address ends in @gmail.com, @outlook.com, or anything other than @csun.edu, the request is most likely a scam.
Contact the person who is requesting these gift cards in person or through a known trusted phone number. If you appear to receive a text or call from a CSUN number asking you to purchase gift cards, look up the number in the CSUN directory and call that person. Phone numbers can be spoofed.
Never send gift card codes via email without confirming the request.
WHAT IF I PROVIDED MY PERSONAL PHONE NUMBER?
If you responded to a phishing email and provided your cell phone number, you’ll need to be aware of the increased potential for future phishing messages. Known as smishing (or SMS phishing), the messages can impersonate coworkers, supervisors, financial institutions or other companies.
It can be difficult to spot malicious links in text messages, which is why we recommend not clicking on links or calling numbers provided by text messages. If you receive an unexpected text message claiming to be from your bank or other organization, contact the company via a known good number, such as the phone number printed on the back of your bank card.
By remembering that sender information can be falsified, you can remain vigilant and spot these fake messages. In these situations, Information Security recommends that you block the phone number that sent you the text message.
---Start of Email---
From: <
>
Sent: Sunday, Apr. 2024 at 2:52:52 PM
Subject: Undercover Store Shopper
Dear Students/Staff CSUN
An evaluator is someone whose job is to judge the quality, importance, amount, or value of something. We URGENTLY need to hire the service of 10 students and staff randomly to evaluate a few local stores.
Position: Discreet Shopper & Errand Carried out.
Type: Part-Time Job
Work Flexibility: 2days a week/ 2-3hrs to complete a task
Weekends: (Sunday OFF)
Working Hour: 4-6 hours a week
Weekly Payment: $550
Get paid for doing something you enjoy. Become a digital store shopper to make extra cash on the side. Well suited job for students/staff. Be an independent contractor and work on your own schedule. Bridge gaps in your finances and help the world be a better place by giving valuable data feedback to some of the biggest brands in the States. Send { I'm Interested } to {example1@gmail.com } using your personal email address such as gmail,hotmail,icloud,yahoo and not your school email so that you can effectively receive responses from us.
California State University Northridge Students Job Placement
Discreet Shopper Opportunity
$21-$23 per hr + Benefit
Student Employment Appreciation
---End of Email---
How we know it's phishing?
- Expresses urgency to an email that users did not expect.
- CSUN has no jobs positions that consist of a "Undercover Store Shopper". The description of the position as also suspiciously vague.
- The email claims to randomly select students and staff for the job. Legitimate job offers typically require applicants to go through a proper application and selection process.
- The email promises a high weekly payment ($550) for what seems like minimal work (4-6 hours a week). This is a tactic to lure people in with the promise of easy money.
- Email asks recipients to reply using their personal email addresses (e.g., gmail, hotmail, icloud, yahoo) instead of their school email. Legitimate organizations usually communicate through official channels.
When reporting a phishing or spam email to abuse@csun.edu, Information Technology will ask you to send the email as an attachment. Sending the email as an attachment allows Information Technology the ability to see full email headers, providing all the information needed to investigate the email. If you need instructions on how to send the email as an attachment, visit the How to Forward an Email as an Attachment page.
Phishing Examples
---Start of Message---
---End of Message---
How we know it's phishing?
- Help Center does not sent text messages to students.
- Help Center will never ask for a passcode.
- This message contains many errors such as spacing between words.
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Sent: Wednesday, March, 2024 5:01:30 AM
Subject: IMPORTANT CSUN MEMO FROM HR: ASSESSMENT REPORTS FOR FACULTY AND STAFF 2024
Hope this email finds you well.
I am pleased to inform you that the HR Department has recently finalized the Assessment Report for all staff members. It is imperative that you treat this matter with urgency.
Attached below, you will find the relevant file that contains your assessment report. Please open it to access the information.
CLICK HERE TO VIEW REPORTS
Thank you for your prompt attention to this matter.
--
Mars Cook
Undergraduate Student, Creative Writing
Peer Writing Specialist - Learning Resource Center
California State University, Northridge
---End of Email---
How we know it's phishing?
- Expresses urgency to an email that users did not expect.
- Sent at a time outside of common office hours; sent at 5:01AM
- Emails will not ask to "click here" or "click to unsubscribe".
---Start of Email---
From: <xxxxx+xxxxxx_xx_xxxxxxxxxxxx.xxx.xx @gaggle.email>
Sent: Monday, November 6, 2023 5:23:30 PM
Subject: Email confirmation
.
Click here to manage your membership or unsubscribe.
---End of Email---
*Note: The original QR code has been replaced for reference purposes only.
How we know it's phishing?
- The email does not include text, it is in an image.
- This email contains grammatical errors.
- The email asks to scan an unofficial QR code.
- Emails that do not end with @csun.edu or @my.csun.edu should be considered suspicious.
- Emails will not ask to "click here" or "click to unsubscribe".
---Start of Email---
From: Gxxxx , Lxxxx <xxx.xxx @csun.edu>
Sent: Sunday, January 29, 2023 7:10:29 PM
Subject: ADMINISTRATIVE ASSISTANT REMOTE JOB
Some departments are currently hiring individuals who can assist some of their visiting professors by providing basic admin duties remotely.
The successful candidate will Liaise with staff, other departments, and/or external organization concerning matters regarding assigned work as well as coordinating with the Director.
Weekly Salary:
$400 ( $350 +$50 for miscellaneous including tax)
For more Information. Contact (frank.garza### @gmail.com) with your alternative “email address” as well as your school schedule.
---End of Email---
How we know it's phishing?
- The email does not contain an official CSUN email signature.
- This email contains grammatical errors.
- The email asks to send for more information to an non-CSUN email with an alternative email address.
Examples from previous years can be found below:
