If an email offer seems too good to be true, it likely isn't real. Stay vigilant this March!

Overview

As Spring Break 2024 approaches this March, the Information Security Team wants to remind you to stay vigilant! A series of emails recently went out to campus users from compromised accounts. These emails offered various "easy ways" to improve your financial situation. Please be wary, as what looks too good to be true often isn't real. To assist you with identifying these types of threats, we'd like to share some situational awareness information and advisable actions you can take to keep your data and information safe.

The example image below shows a credential phishing email from a suspected compromised account that went out to various SF State constituents at the start of this year.

Example 1:

[Image: Example 1]

The example email above went out as a blind carbon copy (BCC). When this happens, no information is listed in the "to" field. This behavior generally indicates that the email may be a phishing attempt. 

The content of the message offers a flexible job opportunity and asks for a response by visiting a listed web address, which is suspicious. This type of request is a typical example of a scammer trying to entice the recipient by claiming to offer a way to make easy money. In reality, it is an attempt to phish your credentials and other personal information.

Any official University job opportunities can be found on the HR website. Financial aid information is available at https://gateway.sfsu.edu/. At no point will an SF State official or a related party ever ask a student or employee to provide personal or financial information via email, or ask you to purchase gift cards or provide gift card information. If you encounter a request or message like this, it is a scam and should be ignored and reported.

Example 2:

[Image: Example 2]

In example 2, we see an email that came from an @sfsu email address with an important-looking message that asks the recipient to verify their user information by copying and pasting a listed URL. However, this is another attempt to phish user credentials and other information. Recipients who clicked the link received instructions to enter their user ID, password, and Duo passcode. Once a recipient entered that information, the scammer had access to it. The cybercriminal could then update the unaware end user's direct deposit information to reroute deposits to an offshore bank. Fortunately, the ITS Security Team and Human Resources were able to identify the threat and reverse the changes before any extensive damage took place.

 

What You Can Do

Be vigilant and help protect yourself with the following actions:

  1. If you are unsure if a message is legitimate, please forward it to abuse@sfsu.edu for inspection or use the Report Phishing Button in Outlook.
  2. Do not click on links or open attachments from senders you do not recognize. Be especially wary of .zip files or other compressed or executable file types.
  3. Do not provide sensitive personal information (like usernames and passwords) over email. If you receive an email asking you to take an action that involves your username and password, contact the sender by phone before doing so.
  4. Do not assume that a message from an "sfsu.edu" email address is from an SF State employee or student – especially if the sender asks for compensation (cash, credit card number, wire transfer, etc.).
  5. Stay aware and review our additional phishing resources on the ITS website at https://its.sfsu.edu/guides/phishing
  6. Your SF State username and password combination should be unique to SF State and not used anywhere else. Do not re-use your SF State username and password combination on other services such as Facebook, online banking, TikTok, etc. If you are unsure if you have re-used your SF State password, change your password immediately. The link to change your SF State password is on the University home page. Select "Login" at the top right of the page.
  7. Watch for any unusual activity in your email account. Some examples may include email forwarding, receiving strange messages, or seeing emails in your sent items that you did not personally send. If you see such activity, change your password immediately and contact the ITS Service Desk by emailing service@sfsu.edu, calling 415-338-1420, or submitting a ticket online.

 

Please help protect yourself, your devices, and our campus community against cybersecurity criminals and their attacks by being vigilant, paying attention, and being careful with your data here at SF State. Our Gator community appreciates your efforts.

 

Please continue to have a safe and secure Spring 2024 semester.