Versions Compared

Old Version 14

changes.mady.by.user Nicole

Saved on

compared with

New Version 15

changes.mady.by.user Amy Schwartz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

University students, faculty and staff are frequent targets of spam and phishing emails. While spam can be annoying, it's often harmless. Phishing, on the other hand, can put your personal information at great risk.


Expand
titleWhat is spam? What is phishing?

Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. 

Phishing is designed to trick you into sharing personal information like usernames, passwords, basically anything that can be used to gain access to your identity and accounts. A cybercriminal creates an email or text message that appears to be from a trusted source (like a Cal Poly college or department, your bank, your employer, etc.). Most often, these messages urge you to act quickly and click on a link or open an attachment. They might falsely claim that your email inbox requires verification or will be shut down, or that you need to take some action to apply for a job or receive financial aid. If you follow through on the request, the cybercriminal can then use the information to con you out of money, compromise your email account, and use it to phish others.

Spear phishing involves highly specialized attacks against specific targets or small groups of targets to collect information or gain access to systems. For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic, and because the recipient is already customer of the business, the email may more easily make it through filters, and the recipient may be more likely to open the email.

...

Expand
titleWhat should I do if I fall for a phishing email?

If you have clicked through an email that you thought was from a legitimate Cal Poly sender and provided your username and password, then realized that it was not a legitimate website (perhaps the URL looks wrong), you need to change your password right away. You can do this by logging-in to the My Cal Poly Portal and going to the Personal Info tab. Then, go back to your inbox and report the email as phishing. If you use your Cal Poly email and password on any other online accounts (which is very risky), you'll want to change your passwords there too.

If you responded to a phishing email with any sensitive personal information, like account numbers or your social security number, be sure to report it to the Federal Trade Commission. You'll also want to notify your bank if you provided any financial information and keep a close eye on your accounts for any suspicious activity.


Expand
titleWhy can't Cal Poly block all spam and phising?

The university relies on Office 365 filters and other security tactics to preemptively block millions of spam and phishing emails every quarter. However, there is no perfect solution for filtering out all spam and phishing. One person’s spam could be another individual’s useful message, and with phishing, scammers are always trying new, sophisticated, and targeted ways to trick people. It can be very difficult to pinpoint these emails, especially if they come from a compromised Cal Poly account. When members of the Cal Poly community report spam and phishing emails, it helps Office 365 improve their filters. 

...