Phishing Awareness and Training
About Phishing and How to Report
What is Phishing?
Phishing attempts are email messages designed to steal your identity. They can look very official, with familiar logos or messaging, and ask you to confirm or update information such as logins, account numbers, or other personal information.
You may receive a message where the email sender appears to come from a legitimate source, for example, firstname.lastname@example.org. If you have any doubt, we recommend contacting the sender to verify the validity of the message, as it may be a spoofing attempt. Spoofing is an easy method to fake the sender of an email message.
No reputable institution will ask you to submit your login, password, or credit card information through email or a link in an email. Clicking through may lead to deceptive websites designed to look like a legitimate site, or may link to websites that infect your computer with viruses or other malicious software.
You can usually identify phishing messages because they convey urgency, make claims or threats about the security of your account, or just seem suspicious, as well as the following:
- An email asks you to reply with personal information, such as your ID or password, or asks you to click a link to enter personal information.
- The email address doesn’t match the sender: for example, official SacLink notifications will only come from @csus.edu email addresses.
- The email salutation does not address you personally but instead uses a generic or an incorrect recipient. Phishing emails often use “Dear User” instead of your name.
- The “From” field has a .com, .org, or .net address, not a name or specific group, such as “Bob Smith” or “Office of the President.”
- Contains typos and grammatical errors.
If a suspicious message originates from University resources, or the sender appears to be someone from campus ― like these recent examples (PDF) ― safely report it immediately to the Information Security Office Team.
- Do not click on any links or open any attachments as they may contain viruses or other malware.
- Safely forward the suspicious communication as an attachment. To do so, create a new message and address it to email@example.com, then drag and drop the suspicious message into the body of the new message. Add a subject line and click send.
- Delete the message.
Need additional help? Please contact the IRT Service Desk Team at (916) 278-7337 or firstname.lastname@example.org.