As we approach the end of the 2024 Spring semester, it's crucial to prioritize information security. The ITS Security Team urges you to remain vigilant and protect yourself, your devices, and our campus community from the increasing cybersecurity threats. To assist you in this, we're sharing essential information to safeguard your data and information. SF State has recently been targeted by multiple phishing and smishing scams, posing a significant risk to our Gator students, faculty, and staff through compromised university email accounts, spoofing, and text messages (SMS).
Students, you may have received messages about graduation, student loan forgiveness, or unpaid tuition. It's important to know that these messages are often malicious and sent by cybercriminals attempting to trick you into revealing your private information or compensation. They may even threaten that you won't graduate due to unpaid fees. Remember, the university will never send threatening messages. If you're unsure about your balance, you can always check in the Student Center.
Faculty and staff have received phishing messages focusing on public employee retirement benefits. Some messages refer to an annual pension review, and some refer to your 403B account. Please be vigilant when responding to these sorts of emails. You can always refer to the HR website for any questions or inquiries about retirement benefits.
Graduating students receive various messages from criminals posing as recruiters. These cyber scammers post fake job listings to steal money and an end user's identity. The Federal Trade Commission states that job seekers who receive a prospective opportunity should always research the job and the recruiter. For example, if it is a job at a university office, the prospective candidate should contact the department directly to confirm the details.
These phishing messages look real but are not. Please be advised that these messages appear in SF State and personal email inboxes. Falling for these tactics can allow the fraudster to capture personal information and potentially steal login credentials.
What You Can Do:
Be vigilant and help protect yourself with the following actions:
- If you are unsure if a message is legitimate, please forward it to abuse@sfsu.edu for inspection or use the "Report Phishing" button in Outlook.
- Do not click on links or attachments from recipients you do not recognize. Be especially wary of .zip files or other compressed or executable file types.
- Do not send sensitive personal information(like usernames and passwords) via email. If you receive an email asking you to take action involving your username and password, contact the sender by phone before doing so.
- Do not assume a "sfsu.edu" email address is from an SF State employee or student – especially if the sender asks for compensation (cash, credit card number, wire transfer, etc.).
- Stay aware and review our additional phishing resources on the ITS website at https://its.sfsu.edu/guides/phishing.
- Your SF State username and password combination should be unique to SF State and not used anywhere else. Do not re-use your SF State username and password combination on other services such as Facebook, online banking, TikTok, etc. If you are still determining if you have re-used your SF State password, change your password immediately. The link to change your SF State password is on the University home page. Select "Login" at the top right of the page.
- Watch for any unusual activity in your email account. Some examples may include email forwarding, receiving strange messages, or seeing emails showing up in your sent items that you did not personally send. If you see such activity, change your password immediately and contact the ITS Service Desk by emailing service@sfsu.edu, calling 415-338-1420, or submitting a ticket online.
Thank you for being vigilant, attentive, and careful when protecting your data at SF State. Our Gator community appreciates your efforts.
Please have a safe and secure end to your Spring 2024 semester and a relaxing summer.