CSU, Chico students are often targeted with scams promising jobs. Students have been scammed out of money or had campus accounts compromised by job-related phishing scams. ITSS recently used PhishMe to raise awareness of this type of scam. We modeled the PhishMe campaign after an actual job scam that had recently targeted CSU, Chico students.
The campaign was a “double barrel” format wherein an initial email references a forthcoming email to build trust. The second email will attempt to obtain account credentials, personal information for identity theft, or will request payment for materials needed for the fake job.
2.46% of CSU, Chico students were found by PhishMe to be susceptible to this type of scam and were redirected to educational phishing material. While this is lower than previous campus PhishMe campaigns it still leaves room for improvement. Be aware of emails that:
- Ask you to click on a link or open an attachment.
- Create a sense of urgency.
- Evoke strong emotions, like greed, jealousy, or fear.
- Request sensitive data.
CSU, Chico will never ask for passwords or other sensitive data via email. Always check the URL of the site you are visiting. In many instances, a phishing email will direct you to an imitation website that appears legitimate, but attempts to steal your password or other sensitive data.
If an email or job offer sounds too good to be true it probably is. Most legitimate jobs do not require you to pay money or send personal information via email. Don’t hesitate to check with ITSS if you are unsure about the authenticity of an email you’ve received.