
Information Security Office

Phishing Information and Awareness Training


What is Phishing?

Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal campus users' personal identity data and financial account credentials. Social-engineering schemes use spoofed e-mails masquerading as legitimate businesses and agencies to lead campus users to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords. Technical-subterfuge schemes plant crimeware onto computers to steal credentials directly, often using systems to intercept consumers' online account usernames and passwords, and to corrupt local navigational infrastructures to misdirect campus users to counterfeit websites (or to authentic websites through phisher-controlled proxies used to monitor and intercept consumers’ keystrokes).

The number of unique phishing websites detected by the Anti-Phishing Working Group (APWG) in the first quarter of 2008 rose sharply in February, an increase of more than 77 percent over January 2008.


Common techniques used in Phishing

Phishers use a variety of techniques that prey upon human nature to lure victims into providing their personal and financial information.

  • Urgency
    “If you do not respond immediately, your account will be suspended”
    “The offer is only good for the next 15 minutes”

  • Exclusivity
    “You have been chosen to receive…”

  • Fear
    “Your account has been compromised and your data must be verified”

Ways to avoid getting hooked by Phishing attempts
  • Do not reply to email or pop-up messages that ask for personal or financial information.

  • Do not click on links provided in emails.

  • If the email is sent by an institution that you are part of, open a web browser and manually enter the web address of the institution.

  • Do NOT cut and paste the address from the email.

  • Do not call any numbers provided in email. Use numbers provided by your affiliated institution in statements or on your membership card.

  • Use and regularly update anti-virus and anti-spyware software as well as firewalls.

  • Where supported, use security images to verify you are on the correct site (coming soon to SacLink).

How to Report if You Have Been a Victim of a Phishing Scam

Forward spam that is phishing for information to iso@csus.edu. The Information Security Office will analyze the phishing attempt and take appropriate action. If you feel you have become a victim of a phishing attack, please contact the Information Security Office.

Information Security Office
916-278-1999
iso@csus.edu

Phishing Resources

http://www.onguardonline.gov/topics/phishing.aspx
http://www.antiphishing.org/reports/apwg_report_Q1_2008.pdf
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.pdf