What is Phishing?

Phishing emails are fraudulent messages designed to trick you into revealing sensitive information, clicking malicious links, or downloading harmful attachments.

These emails often appear to come from trusted organizations such as banks, technology companies, or internal departments. Learning to recognize the warning signs can help protect your personal information and your organization’s systems.

Red Flags of Phishing Emails:

  1. Suspicious Sender Address - The sender name may appear legitimate, but the actual email address is unusual or misspelled. Example: support@mircosoft.com instead of support@microsoft.com, or pres1dent@csumb.edu instead of president@csumb.edu.
  2. Urgent or Threatening Language - Phishing emails often try to create panic or urgency. They may claim your account will be suspended, that unusual activity has been detected, or that you must act immediately to avoid consequences. This pressure is designed to make you act quickly without verifying the message.
  3. Generic Greetings - Legitimate organizations that you do business with will typically address you by name. Phishing emails often use generic greetings such as "Dear Customer", "Valued Member", or "Account Holder".
  4. Suspicious Links or Attachments - Links in phishing emails may appear legitimate but lead to malicious websites. Hover your mouse over the link (without clicking) to see the actual destination. If the URL looks unusual, misspelled, or unrelated to the organization, do not click it. Avoid opening unexpected attachments, which will often be described as bill.pdf, Invoice.pdf, tax status, etc.
  5. Spelling and Grammar Mistakes - Many phishing emails contain poor grammar, misspellings, or awkward phrasing that legitimate organizations typically avoid. Keep a keen eye and re-read the suspected email before responding.
  6. Unusual Requests for Sensitive Information - Be cautious if an email asks for sensitive information such as: passwords, social security numbers, banking or financial details, etc. Legitimate companies do not request this information via email.
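
The check in red flag 1 can also be automated. The following is an added example, not part of the original page: it ignores the display name, extracts the real address from a From: header, and flags addresses that sit within a couple of edits of a known-good one. The allow-list, the sample headers, and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: the two legitimate addresses named in red flag 1.
KNOWN_GOOD = ("support@microsoft.com", "president@csumb.edu")

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Swapped neighbours ("rc" for "cr") count as one edit, not two.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def check_sender(from_header, known_good=KNOWN_GOOD, max_distance=2):
    """Return (verdict, imitated_address): verdict is 'known', 'lookalike' or 'unknown'."""
    # The display name is chosen freely by the sender, so only the address is compared.
    _name, address = parseaddr(from_header)
    address = address.lower()
    if address in known_good:
        return ("known", None)
    for good in known_good:
        if osa_distance(address, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sample headers using the example addresses from red flag 1.
SAMPLES = [
    '"Microsoft Support" <support@mircosoft.com>',
    '"Office of the President" <pres1dent@csumb.edu>',
    '"Microsoft Support" <support@microsoft.com>',
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

A "known" verdict only means the address string matches the allow-list; the From: header itself can be forged, so the other red flags still apply.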

How To Protect Yourself:

  • Think Before You Click - If you do not recognize the sender or the request seems unusual or too good to be true, it is safest to delete the email.
  • Verify Requests Independently - If an email claims to be from a trusted company or service, do not click the link in the email. Instead, visit the organization’s official website directly or contact them using a trusted phone number or app. Credit card customers, for instance, should call the number on the back of their card and explain the request they received before responding.
  • Use Anti-Virus Software - Ensure your device has updated antivirus software to help detect malicious links, malware, and other threats. CSUMB offers free antivirus software for all CSUMB students, faculty and staff. Visit our Free and Discounted software knowledge base within Optimize for more information.

What to do if you think you've been phished:

  1. Report the Email - To report the phishing email in Google, log into your @csumb.edu email account via a web browser, click on the three dots in the email, and select Report as phishing.
  2. Disconnect if You Downloaded Something - If you downloaded an attachment or installed a file from the email, disconnect your computer from the internet (Wi-Fi or Ethernet) immediately, run your anti-virus software, and contact IT immediately.
  3. Change Your Passwords - Change the password for the affected accounts right away. If you reused that password elsewhere, update those accounts as well. Use strong, unique passwords for each account.
  4. Keep A Log - Keep a log of when this happens in case you later need to report the incident elsewhere for fraud or other activities. Make sure you record what actions you took to mitigate the issue.
  5. Monitor Your Accounts - Watch for unusual activity such as unexpected password resets, login alerts, or unfamiliar transactions and report them right away.