Support Page Content
Some of the most serious cybersecurity risks faced by universities are phishing emails or smishing texts to mobile devices. To help keep our Hornet Family safe, your IRT Information Security Team provides ongoing education and Cofense PhishMe training to improve our campus community's ability to identify, report, and not become a victim to these digital scams.
Phishing attempts are email messages designed to steal from you. They often look official, with familiar logos or messaging, and will ask you to confirm or update information such as logins, account numbers, or other personal information. From financial aid scams, "fake job" offers, tax season attacks, and scammers taking advantage of those working remotely during the Coronavirus, phishing attempts are on the rise.
How to Report Phishing
If a suspicious message originates from University resources, or the sender appears to be someone from campus, here's what you need to do:
- Do not click on any links or open any attachments as they may contain viruses or other malware.
- Report the message.
Additional Account Security
Sacramento State also participates in Two-Step Verification with Duo, which provides extra account protection even if an attacker gains access to your password. All Faculty, Staff, and Students can enroll in this free program.
What to Look for
You can usually identify phishing messages because they convey urgency, make claims or threats about the security of your account, ask for confidential information (such as logins, banking information, etc.) or just seem suspicious. They may also ask for the following:
- An email asks you to reply with personal information, such as your ID or password, or asks you to click a link to enter personal information.
- The email address doesn’t match the sender: for example, official Sac State communications will only come from @csus.edu email addresses.
- The email salutation does not address you personally but instead uses a generic or an incorrect recipient. Phishing emails often use “Dear User” instead of your name.
- The “From” field has a .com, .org, or .net address, not a name or specific group, such as “Bob Smith” or “Office of the President.”
- Contains typos and grammatical errors.
Cofense PhishMe Training
Cofense PhishMe is a phishing training program intended to help our campus community recognize and delete email phishing messages. We’ll periodically send Cofense PhishMe training emails to your Sac State account that mimic the phishing emails that typically target our Hornet Family. These experiences are intended to help faculty, staff and students protect their privacy and confidentiality.
How We’re Doing
- Faculty, Staff & Auxiliaries Phishing Awareness - May 2020
- Student Financial Aid Phishing Awareness - February 2020
- Phishing Awareness Campaign - October 2019
- Fake Job Opportunity Phishing Awareness Campaign - July 2019
- Financial Aid Phishing Awareness Campaign - Feb 2019
- Phishing Awareness Campaign - October 2018