What is Phishing?
Phishing is a tool used by cyber criminals to steal personal information from another person. The fraudster will create an email that appears to be from a trusted source (e.g, your email provider, employer, bank, online account, etc.). The email is designed to trick you into entering confidential information (e.g., passwords, account numbers, SSN, birthdate, etc.) into a fake website usually by providing an embedded link to follow and confirm your account details. You may also be asked to reply to the email with this information. The criminal will then use the information provided to access your account to buy stuff, transfer money, send SPAM, or other damaging activity.
Recently, Cal Poly users have become the target of phishing emails designed to trick you into revealing your Cal Poly username and password. This puts you and the university at risk. Armed with this information, a phisher will typically use your campus email account to send more phishing or SPAM emails, but they can also access any personal information found on the portal.
Although this is commonly done by email, phone scams are another tool used to obtain your personal and Cal Poly information.
Cal Poly will never ask for your password via email, phone or a non-calpoly.edu web form. All password changes are handled through the Cal Poly Portal. If your account has been compromised, ITS will change your password immediately and then contact you regarding next steps. If you are not contacted but you know or think you responded to a phishing email, use the Cal Poly Portal to change your password and security questions and then notify abuse@calpoly.edu.
What is the threat from phishing emails?
- Identity theft
- Credit card fraud
- Stolen bank information - loss of $$
- Damage to individual's good credit
- Access to protected Cal Poly information could cause a security breach
- Damage to Cal Poly's reputation
- Cal Poly email accounts used to send phishing and SPAM emails
Why can't the email filter block phishing email?
Microsoft blocks hundreds of spam emails a day, but some still make it through. Through your browswer you can train it to block them for you: Report Phishing and Spam
What to do if you receive a phishing email message?
- If you receive a phishing email , do NOT reply, do NOT click on a link, do NOT open an attachment, and do NOT provide personal or confidential information.
- Report Phishing and Spam
What can you do to protect yourself?
- Follow good security practices - Take appropriate precautions when using email and web browsers to reduce your risks
- When you receive an email requesting personal information, ask yourself:
- Who is asking?
- Why would they ask for this?
- Why would they need it?
- Don't reply to emails asking for confidential information or to confirm password and account information. Cal Poly, or any reputable company will never solicit this information from you. If in doubt, call or logon to the company's website to confirm the legitimacy of the request.
- Don't click on embedded links in emails, especially ones asking for confidential information or to confirm password and account information.
- Use caution when opening email attachments.
- Don't email personal information.
- When providing personal information to a website, make sure the site is secure (using https and lock displayed in the browser).
- Monitor your bank accounts more than one time per month.
- Use strong passwords.
- Never share your Cal Poly password or use it for any other online account.
- Follow your "gut feeling" and don't respond to suspicious email messages.