How to Identify and Report Phishing Scams

How to Identify and Report Phishing Scams

Avoid Phishing Emails, Fake Alerts and Phony Support Calls

Phishing is the act of fraudulently obtaining personal information. Fake emails, pop-up ads and phone calls are used to trick us into sharing personal information.  If you see a message while browsing the web that your computer has a virus or someone claiming to be from technical support calls and asks for personal information, you’re likely the target of a scam. 

Please refer to the tips noted below to avoid phishing emails and scams.

Display Name Spoofing.  Check the email address of the sender.

Fake emails display the name of a key contact or someone you know, but the email address is incorrect. Check the full email address rather than looking only at the display name.

For example: Last year some employees received a fake email supposedly sent by our own President Castro. The spoofed display name was “ joseph I castro “. Upon closer inspection, the sender’s email address “<presidentjic.csufresno.edu@gmail.com>” was incorrect.

At times, you can determine if a message is phishing or spam by closely looking at the sender’s email address.  If the sender's email address is hidden, has a bunch of numbers or is from a domain you don't recognize (the part after the "@") then the email is likely phishing or spam.

Pop-up Alerts or Ads

When you browse the web, you might see a pop-up ad or a page warning you about a problem with your computer. The pop-up might appear to be from a legitimate company, but is in fact a fake. These fake alerts and pop-ups are designed to trick you into calling a phony support number or buying an app that claims to fix the issue. Don’t call the number. Simply close the browser window.

Suspicious Phone Calls or Voice mails

Scammers use sweet talk and fear to pressure you into giving them information. Always verify the caller's identity before you provide any personal information. 

Phishing Emails and Text Messages

Scammers use email that appears to be from legitimate companies to trick you into entering personal information.  Never follow links or open attachments in suspicious or unsolicited messages. If you need to change or update personal information, contact the company directly. 

Did you know?

  • Emails from a VIP asking to do an urgent wire transfer or buy some gift cards are scams!
  • No one from Microsoft or Apple is going to call you about your computer that has a virus!
  • The IRS isn't going to call you and threaten legal action, unless you pay them using gift cards!

These signs can help you identify phishing scams:

  • The message always has a sense of urgency.
  • The message requests personal information, like an account password or credit card number.
  • The message is unsolicited and contains an attachment.
  • The message requests you purchase gift cards as payment.
  • The message starts with a generic greeting, like “Dear customer.” Most legitimate companies will include your name in their messages to you.

Do not react to scare tactics.

All of these attacks rely on scare tactics to manipulate the recipient, such as lawsuits, computer viruses or missing out on a great interest rate. Don't fall for it!

Practice common sense.

If something seems suspicious it probably is and should be treated with caution. If you are ever uncertain, please contact the Technology Service Desk at 278-5000 for assistance.

How to report phishing attempts and other suspicious messages:

To report a suspicious email, forward the message to Technology Services – Information Security (reportphishing@csufresno.edu) - with complete information. This email address is monitored by the Information Security team, but you might not receive a reply to your report.

In Google Mail:

  • Open the message you would like to view
  • Click the three vertical dots " ⋮ " next to reply
  • Select “Show original” - the original message will show in a new browser tab
  • Click the "Copy to Clipboard" button to copy the entire message
  • Close the browser tab containing the original message
  • Compose a new email message and add the "To" address (e.g. reportphishing@csufresno.edu  )
  • Paste the copied text into the new message
  • Send the message

How to mark phishing and other suspicious messages as spam in Gmail:

Within Google Mail:

  • On a computer, go to Gmail.
  • Open the message.
  • Click the three vertical dots " ⋮ " next to reply.   Note: If you are using classic Gmail, click the Down arrow.
  • Click Report phishing.

Visit our Information Security page for additional information on how to report phishing attempts or other suspicious messages.

 

Was this helpful?
0 reviews

Details

Article ID: 106832
Created
Tue 5/5/20 12:34 PM
Modified
Wed 7/22/20 4:54 PM