Beware of Scams and Phishing Attempts

To: Campus Community
From: Ray Quinto, Information Security Officer

The Information Security Office would like to remind you to be vigilant of scam emails and postings, especially as there may be an increase in fake job offers or rental listings following the Camp Fire.


Beware of unsolicited emails with offers or requests that seem odd or suspicious such as a work-from-home job opportunity with high pay for little work, asking you to purchase a number of iTunes gift cards and send a picture of the numbers, or that tell you to “contact me” in some urgent fashion. You may see similar postings on sites like Craigslist offering apartments or houses with surprisingly low rent. Sophisticated hackers can even spoof email addresses to make a message look like it’s coming from someone you know.

Treat anything odd as untrustworthy and do your best to verify the sender, company, or offer by phone or in person before acting on a request—hackers may control the sending email address and respond in ways that seem appropriate to get you to fall for the scam.

Remember, if an offer sounds too good to be true, it probably is.


One of the most serious cyber-security risks facing the campus comes from phishing email messages. Phishing is the use of email in an attempt to steal personal information or hijack computing resources for fraud and identity theft, usually by having the user click a link that takes them to a familiar-looking login screen where information entered will be captured by the hacker. When employees and students are tricked into giving up their user name and password, criminals may gain access to campus systems and/or your personal information.

  • If you suspect an email is a phishing attack, you should delete it. Look for unfamiliar sender addresses, poor grammaror spelling, and a false sense of urgency, and hover over links to verify the URL they’re sending you to, etc. View more tips for spotting phishing attempts.
  • If you are unsure of an email’s legitimacy, verbally confirm with the sender, or you can consult IT Support Services.
  • Do not click on links or open attachments in a suspicious email.
  • If you suspect that you have fallen victim to a phishing scam, you should immediately go to the CSU, Chico Portal ( and reset your password.

Remember, Chico State will NEVER ask for your password via email.

Everyone with an email address is a potential target for phishing or scams. We work diligently to keep these types of emails from getting through our security, but it is a daily and sometimes hourly battle. The campus will continue to make improvements to security technology (including 2-Step Verification), but the best defense against these attacks isn’t just technology, it’s learning how to spot and delete phishing and scam emails. For resources and tips, visit the ISEC website.