How to Identify Phishing Emails

What is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking or credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.

If you believe your account may be compromised due to a phishing email, please change your password immediately and call IT Support Services at 530-898-4357. 

How can I identify Phishing?

Below are common tactics that you may notice in spam, phishing, or scam emails. Please be aware of these, and report any suspicious emails using the KnowBe4 "Phish Alert" button in your email interface.

  1. Suspicious Email Address: Check the sender's email address. Often, phishing emails will come from a slightly altered or misspelled version of a legitimate email address. This may also include people contacting you from their personal email address, rather than their work or department email.

    • An example might be jsmith.csuchico@gmail.com

    • Technical or account-related emails that come from a specific person instead of IT Support Services or the Office of the Registrar may be fraudulent.

  2. Generic Greetings or Signatures: Phishing emails are often aimed at students as a group, so a greeting like "Dear Students" in place of your specific name is a reason to question the email. The same applies to a generic sign-off such as "Thank you, IT Admin".

  3. Emails from Unfamiliar Senders: Some emails may pose as a department chair or director from a department you are not associated with.

  4. Urgency or Threats: Scammers often create a sense of urgency or threat to prompt immediate action.

    • Examples we've seen before include threats to suspend or delete your Chico State account, or warnings that you will not receive financial aid.

  5. Poor Spelling and Grammar: Many phishing emails contain spelling and grammatical errors.

  6. Mismatched URLs: Hover over any links in the email without clicking on them to see the actual URL. If the link address looks suspicious or doesn't match the purported source of the email, it's likely a phishing attempt.

  7. Unsolicited Attachments: Be cautious of unexpected attachments, especially from unknown senders. Never download files from suspicious emails. These can contain malware.

  8. Request for Personal Information: Chico State will not request sensitive personal information via email.

    • This includes contact information, addresses, phone numbers, username, ID number, Social Security Number, banking or credit card numbers, or other personal information. You should never provide this information via email, online form, text message, etc.

  9. Too Good to Be True: Be skeptical of emails offering prizes, lottery winnings, or overly generous offers.

    • Often this will relate to job offers, financial aid, or other offers that seem extremely generous.

  10. Mismatched Email Signature: Sometimes, the name in the email signature doesn't match the sender's name or email address.

  11. Unexpected Requests for Money: Be wary of emails asking for money transfers or payments, especially if they are unexpected or unsolicited.

    • This may come as a request for gift cards with a promise of reimbursement or repayment. You should never deposit checks from unknown individuals.
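Items 1 and 6 above can also be checked automatically. The following is an added example, not part of the original article or of any Chico State tooling: it flags a sender that puts the organization's name on a free-mail address, and links whose visible text shows one host while the href opens another. The domain csuchico.edu, the free-mail list, and the sample message are assumptions constructed for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "csuchico.edu"   # assumption: the institution's own domain
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}   # constructed short list
SAMPLE = """\
From: "IT Admin" <jsmith.csuchico@gmail.com>
Content-Type: text/html

<p>Dear Students, verify your account today:
<a href="http://portal-verify.example/login">https://portal.csuchico.edu/login</a></p>
<p><a href="https://www.csuchico.edu/">Campus home page</a></p>
"""   # constructed message, not a real sample

class LinkCollector(HTMLParser):   # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):   # hostname of a URL, or of bare text that looks like one
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def review(raw):
    msg, findings = email.message_from_string(raw), []
    addr = parseaddr(msg.get("From", ""))[1].lower()
    local, _, domain = addr.rpartition("@")
    # Item 1: the organization's name in the local part of a free-mail address
    if domain in FREEMAIL and ORG_DOMAIN.split(".")[0] in local:
        findings.append(f"sender borrows org name on free-mail domain: {addr}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        shown, actual = ("" if " " in text else host_of(text)), host_of(href)
        # Item 6: visible text that looks like a host must match the real target
        if "." in shown and shown != actual:
            findings.append(f"link text shows {shown} but opens {actual}")
        elif not (actual == ORG_DOMAIN or actual.endswith("." + ORG_DOMAIN)):
            findings.append(f"link leaves {ORG_DOMAIN}: {actual}")
    return findings
```

Calling review(SAMPLE) returns two findings, one for the sender and one for the first link; the second link stays on the organization's domain and is not flagged.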

What do I do if I was Phished?

If you believe your account may be compromised due to a phishing email, please change your password immediately and call IT Support Services at 530-898-4357. 

Here are some other tips if you believe your information may have been collected fraudulently: 

  1. Change Passwords: Change the passwords for any and all accounts that may be compromised.
    • It is recommended to have different passwords for different accounts because if one is compromised, the others may be as well.
    • For security purposes, Chico State requires annual password changes to avoid security risks such as these.
  2. Contact Financial Institutions: If you provided any financial information, deposited checks, or accepted money, contact your bank(s) as soon as possible.
  3. Scan your device(s) for Malware: Run a full system scan on your devices using an anti-virus or anti-malware software.
    • These scans should detect anything malicious on your device. Some businesses may offer malware removal services that could assist with any potentially compromised systems.
  4. Monitor Online Accounts: Keep an eye on other online accounts, including banking, social media, and email accounts for any unauthorized activity or suspicious login attempts. 
  5. Turn on Multifactor Authentication: While Chico State requires the use of Duo for multifactor authentication on your account, this is not required on many other platforms. See if your accounts will allow you to turn on a feature like this. Typically, you can find it under the security settings. 

Details

Article ID: 113766
Created: Tue 4/2/24 11:25 AM
Modified: Tue 4/2/24 4:52 PM