Phishing, Security

Job Scam Emails

CSU, Chico students are often targeted with scams promising jobs. Students have been scammed out of money or had campus accounts compromised by job-related phishing scams. If an email or job offer sounds too good to be true it probably is. Most legitimate jobs do not require you to pay money or send personal information via email.

Do Not Respond to any job advertisement or offer that requires you to:

  • Give your credit card or bank account numbers or copies of personal documents.
  • Send payment by wire service or courier.
  • Deposit checks or transfer money into your bank account.
  • Receive or process a large check.

Don’t hesitate to check with ITSS if you are unsure about the authenticity of an email you’ve received. The Career Center can also help you determine if a job posting is a scam.

More information about information security and employment scams:

Example of a recent job scam email:

job scam email example
Phishing, Security

Campus Spearfishing Attack

Over the past two weeks Chico State has been specifically targeted by people who have analyzed our org chart and are crafting email attacks based on that data by creating bogus @gmail accounts and then emailing spearphishing attacks “from” a manager to their staff.

spearphishing example

If you reply to these emails they will ask you to purchase gift cards.

I will be having a busy day and I want to surprise some of the staffs with gift card. The type of card I need is steam wallet gift cards $100 denomination, I need $100 X 7 cards so that will be $700 i will be reimbursing back to you. You will purchase the cards from a nearby store to you, when you get the cards, Scratch out the back to reveal the card codes, take pictures of each cards and send it to me here. How soon

can you get that done? Its Urgent and I want you to keep the physical card safe with you cos I will get them from you later.

Once the scammer has the card codes they can take the money from the cards, even without physical access to the cards.

More information about phishing is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml

Phishing

Targeted Phishing Email

A targeted phishing email was recently sent to campus email accounts. It requested people reply with their username and password to “confirm your California State University, Chico Account login/usage Frequency.” ITSS will never ask you to email your password.

If you replied to this email go to Account Center in the Portal and reset your password.

Phishing

COVID-19 Phishing Attacks

In the first of likely many COVID-19 themed phishing attacks targeting campus, this email was sent to campus employees this morning:

COVID-19 Phishing Example

The link goes to a form posing as a file sharing service sign in page. If you clicked on the link and entered your credentials in this form you should go to the Portal and use Account Center to reset your password.

More information about COVID-19 phishing attacks is available at https://cofense.com/solutions/topic/coronavirus-infocenter/.

Phishing, Security

NCSAM Week 2: Phishing

October is National Cybersecurity Awareness Month. For week two CSU, Chico’s Information Security is focusing on Phishing.

Phishing is the act of sending an email to a user falsely claiming to be an established enterprise in attempt to scam the user into giving up private information for identity theft. ISEC has listed some tips for spotting phishing and what to do about phishing scams. This includes paying attention to the From email address, the formatting of the email, and the content.

Please read these tips to avoid becoming a victim of phishing, and follow along each week of Cybersecurity Month to stay safer and more secure online.

Phishing, Security

October is National Cybersecurity Awareness Month

National Cybersecurity Awareness Month (NCSAM) – observed every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

This year’s Cybersecurity Awareness Month theme is “Own IT. Secure. IT. Protect IT.” with the following calls to action:

  • Own IT.
    • Never Click and Tell: staying safe on social media
    • Update Privacy Settings
    • Keep Tabs on Your Apps: best practices for device applications
  • Secure IT.
    • Shake Up Your Passphrase Protocol: create strong, unique passphrases
    • Double Your Login Protection: turn on multi-factor authentication
    • Shop Safe Online
    • Play Hard To Get With Strangers: how to spot and avoid phish
  • Protect IT.
    • If You Connect, You Must Protect: updating to the latest security software, web browser and operating systems
    • Stay Protected While Connected: Wi-Fi safety
    • If You Collect It, Protect It: keeping customer/consumer data and information safe

Additionally CSU, Chico Information Security has created weekly cybersecurity themes that will be detailed on their website at www.csuchico.edu/isec. The Week 1 NCSAM theme is Protecting Yourself Online. Surprising statistics, common risks, and cybersecurity best practices have been identified to help you protect yourself and CSU, Chico. Please follow along each week of Cybersecurity Month to stay safer and more secure online.

Phishing, Security

Shipping PhishMe Campaign

CSU, Chico was recently targeted by an email scam that imitated a shipping & receiving notice. ITSS emailed faculty and staff to warn them about this scam in March.

We followed up on this scam in May by creating a PhishMe campaign with similar content:

The PhishMe campaign was sent to ~4,000 campus members. Below are the results of this campaign:

As you can see over 14% of employees were found susceptible to phishing. An alarmingly high number of people opened the file attached to this email. You should never open an attachment that you’re not expecting. If you are unsure of the validity of an email you should check with the sender before opening any attachments or links. Opening a malicious attachment can put you, your computer and files, the university, and university systems at risk.

More information about spam and phishing scams is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml.