A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency, or any other service or business. It often urges you to act quickly by getting you to click on a link or open an attachment because your account has been compromised or there is an urgent matter to address. The best way to report spam on campus is by marking it as junk or phishing in Outlook.

University students, faculty and staff are frequent targets of spam and phishing emails. While spam can be annoying, it's often harmless. Phishing, on the other hand, can put your personal information at great risk.


What is spam? What is phishing?

Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. 

Phishing attacks use email or malicious websites (reached by clicking on a link) to collect personal and financial information or infect your machine with malware and viruses. Phishing is designed to trick you into sharing personal information like usernames and passwords: basically anything that can be used to gain access to your identity and accounts. A cybercriminal creates an email or text message that appears to be from a trusted source (like a Cal Poly college or department, your bank, your employer, etc.). Most often, these messages urge you to act quickly and click on a link or open an attachment. They might falsely claim that your email inbox requires verification or will be shut down, or that you need to take some action to apply for a job or receive financial aid. If you follow through on the request, the cybercriminal can then use the information to con you out of money, compromise your email account, and use it to phish others.

Spear phishing involves highly specialized attacks against specific targets or small groups of targets to collect information or gain access to systems. For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic, and because the recipient is already a customer of the business, the email may more easily make it through filters, and the recipient may be more likely to open the email.


How can I protect myself against spam and identify phishing emails?
Use an email filter
Most internet service providers (ISPs) and email providers have spam filters; however, depending on the level you set, you may end up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.

Often, phishing emails look legitimate, but the URL or email address looks slightly off. They tend to be poorly written and have numerous grammatical errors. Phishing emails and text messages are designed to give you a sense of urgency. They tell a story to trick you into clicking on a link or opening an attachment. They may:

  • Claim that there is an issue with your email account that requires action
  • Say that you qualify for an employment opportunity
  • Claim that the sender is your employer and they need your help
  • Say they’ve noticed some suspicious activity or log-in attempts
  • Say you must confirm some personal information
  • Include an invoice for something you didn't order
  • Ask you to click on a link to log in to your account or make a payment

It’s important to remember that while emails from actual Cal Poly offices may contain links, Cal Poly will never ask you to click a link to make a transaction such as verifying your email inbox, paying tuition, or confirming personal information. Official university transactions are mostly handled through the secure My Cal Poly Portal.


How can I protect myself against spam and phishing?
  • Don’t reveal personal or financial information
    Do not respond to email solicitations with any personal information. Don’t click links sent in email that ask you to provide personal information.
  • Pay attention to website URLs
    Malicious websites may look identical to a legitimate site, but the URL uses a variation in spelling or a different domain (e.g., .com versus .net).
  • Limit your exposure
    You might decide to use two email addresses — one for personal messages and one for shopping, newsletters, chat rooms, coupons and other services. Also, try not to display your email address in public. That includes in blog posts, in chat rooms, on social networking sites, or in online membership directories. Spammers use the web to harvest email addresses.
  • Create unique, secure, and strong passwords or passphrases
    Review Cal Poly's password requirements. Having separate passwords or passphrases for every account helps to thwart cybercriminals. Separate your work and personal accounts. Use a password manager like LastPass.
  • Keep a clean machine
    Keep all software on internet-connected devices – including computers, smartphones and tablets – up to date to reduce risk of infection from malware. Sophos Central Endpoint Protection antivirus software is installed on all university-owned computers and you can install Sophos Home for free on your personal devices.
  • Check privacy policies and uncheck boxes
    • Check the privacy policy before you submit your email address to a website. See if it allows the company to sell your email to others. You might decide not to submit your email address to websites that won't protect it.
    • When submitting your email address to a website, look for pre-checked boxes that sign you up for email updates from the company and its partners. Some websites allow you to opt out of receiving these mass emails.
  • Own your online presence
    Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information. 
  • When in doubt, throw it out
    Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or – if appropriate – mark it as junk.
  • Report spam
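
As an added illustration (not part of the original article), the URL advice above can be turned into an automated check on where a link really points. The code flags a different top-level domain, a spelling variation, and, going slightly beyond the text, a trusted name used as a subdomain of another site; the domain example.edu and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Placeholder allowlist (assumption): two-label domains you actually trust.
TRUSTED = ("example.edu",)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Classify the host a link really points to: trusted, lookalike or unknown."""
    # urlsplit separates any "user@" prefix, so the true destination host is used.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return "unknown"
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return "trusted"
    # Naive "site" = last two labels; a real tool would use the Public Suffix List.
    site = ".".join(labels[-2:])
    for good in TRUSTED:
        name, _, tld = good.rpartition(".")
        if host.startswith(good + ".") or f".{good}." in host:
            return f"lookalike: {good} used as a subdomain of {site}"
        if labels[-2] == name and labels[-1] != tld:
            return f"lookalike: {name} under .{labels[-1]} instead of .{tld}"
        if 0 < edit_distance(site, good) <= 2:
            return f"lookalike: {site} is a spelling variation of {good}"
    return "unknown"


# Constructed sample links (not taken from real messages).
SAMPLES = [
    "https://portal.example.edu/login",
    "http://example.net/verify",
    "https://examp1e.edu/reset",
    "https://example.edu.account-check.test/",
    "https://example.edu@files.test/doc",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link:42} -> {classify_link(link)}")
```

An "unknown" result only means the host does not resemble a trusted domain; it is not a statement that the link is safe.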


What about spam & phishing on social networks?

Spam, phishing and other scams aren’t limited to just email; they’re also prevalent on social networking sites. The same rules apply on social networks.


What should I do if I receive a suspicious email?

Ask yourself if you know the person who contacted you, or if you have an account or affiliation with the department/company.

  • If the answer is “yes,” verify it.
    If you recognize the sender, but you’re unsure whether it’s legitimate, you can verify it by contacting them directly. Use the information provided on an official website, or the back of your credit/debit card or account statement (if it appears to be from a financial institution). Don’t use the contact information provided in the suspicious email.
  • If the answer is “no,” report it.
    If you don’t recognize the sender and the message seems suspicious, it could be a phishing scam. Most email clients offer ways to mark an email as spam or report instances of phishing. Reporting spam will also help to prevent similar messages from being directly delivered to your inbox. Visit Report Phishing and Spam to learn how to do this on campus via Outlook.


Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts. 

  • Reporting spam and phishing on Facebook
  • Reporting spam on Twitter
  • Reporting spam and phishing on YouTube
    What should I do if I fall for a phishing email?

    If you have clicked through an email that you thought was from a legitimate Cal Poly sender and provided your username and password, then realized that it was not a legitimate website (perhaps the URL looks wrong), you need to change your password right away. You can do this by logging in to the My Cal Poly Portal and going to the Personal Info tab. Then, go back to your inbox and report the email as phishing.


    Why can't Cal Poly block all spam and phishing?

    The university relies on Office 365 filters and other security tactics to preemptively block millions of spam and phishing emails every quarter. However, there is no perfect solution for filtering out all spam and phishing. One person’s spam could be another individual’s useful message, and with phishing, scammers are always trying new, sophisticated, and targeted ways to trick people. It can be very difficult to pinpoint these emails, especially if they come from a compromised Cal Poly account. When members of the Cal Poly community report spam and phishing emails, it helps Office 365 improve its spam filters. The best way to report spam on campus is by marking it as junk or phishing in Outlook.
