How to Spot a Phishing Scam

by in , , , ,

We've all received them, emails from a seemingly trusted source like a bank, delivery company or even your own place of employment, claiming there was some type of issue or another requiring you to offer up some personal information or to click on a link or button to help clear the issue up. If you receive an email similar to this DO NOT CLICK ON ANY LINK OR OFFER UP ANY INFORMATION! 


This is a common form of security attack called a phishing or spear phishing scam.

Groups attempting to steal personal information will often use e-mails that appear to originate from a trusted source to try and trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank or some other organization the user is doing business with.

For example, it could be a phishing email if...
  • There are misspelled words in the e-mail or it contains poor grammar. 
  • The message is asking for personally identifiable information, such as credit card numbers, account numbers, passwords, PINs or Social Security Numbers. 
  • There are "threats" or alarming statements that create a sense of urgency. For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address." 
  • The domain name in the message isn't the one you're used to seeing. It's usually close to the real domain name but not exact. For example: 
    • Phishing website: www.regionsbanking.com 
    • Real website: www.regions.com
If you receive an email like this and you think it may be fraudulent, please report it immediately to the T&C Helpdesk at X8552, helpdesk@csuci.edu, or infosec@csuci.edu. Our technicians will assist you and instruct you on how to effectively remove it.

Please remember... nobody from T&C will ever ask you for any personal information, including your password!