California State University, Sacramento

Based on real user feedback and statistics, csus.edu no longer supports Microsoft’s Internet Explorer browser. Please upgrade your browser to improve your experience.

Skip to Main Content

Information Security Information Resources & Technology

Support Page Content

Phishing Awareness

Some of the most serious cybersecurity risks faced by universities are phishing emails or smishing texts to mobile devices. To help keep our Hornet Family safe, your IRT Information Security Team provides ongoing education and Cofense PhishMe training to improve our campus community's ability to identify, report, and not become a victim to these digital scams.

Phishing attempts are email messages designed to steal from you. They often look official, with familiar logos or messaging, and will ask you to confirm or update information such as logins, account numbers, or other personal information. From financial aid scams, "fake job" offers, tax season attacks, and scammers taking advantage of those working remotely during the Coronavirus, phishing attempts are on the rise.

Phishing Awareness Tip Sheet

How to Report Phishing

If a suspicious message originates from University resources, or the sender appears to be someone from campus, here's what you need to do:

  1. Do not click on any links or open any attachments as they may contain viruses or other malware.
  2. Report the message.

How to Report Phishing


Additional Account Security

Sacramento State also participates in Two-Step Verification with Duo, which provides extra account protection even if an attacker gains access to your password. All Faculty, Staff, and Students can enroll in this free program.

Enroll in Two-Step Verification with Duo

What to Look for

You can usually identify phishing messages because they convey urgency, make claims or threats about the security of your account, ask for confidential information (such as logins, banking information, etc.) or just seem suspicious. They may also ask for the following:

  • An email asks you to reply with personal information, such as your ID or password, or asks you to click a link to enter personal information.
  • The email address doesn’t match the sender: for example, official Sac State communications will only come from @csus.edu email addresses.
  • The email salutation does not address you personally but instead uses a generic or an incorrect recipient. Phishing emails often use “Dear User” instead of your name.
  • The “From” field has a .com, .org, or .net address, not a name or specific group, such as “Bob Smith” or “Office of the President.”
  • Contains typos and grammatical errors.

View an Example Phishing Email

Cofense PhishMe Training

Cofense PhishMe is a phishing training program intended to help our campus community recognize and delete email phishing messages. We’ll periodically send Cofense PhishMe training emails to your Sac State account that mimic the phishing emails that typically target our Hornet Family. These experiences are intended to help faculty, staff and students protect their privacy and confidentiality.

How We’re Doing