Phishing & How to Protect Yourself
Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers attempt to steal your personal information. They send out e-mails that appear to come from Cal Poly.
The e-mails state that your information needs to be updated or validated and ask that you enter your username and password, after clicking a link included in the e-mail. Some e-mails will ask that you enter even more information, such as your full name, address, phone number, social security number, and credit card number. However, even if you visit the false website and just enter your username and password, the phisher may be able to gain access to more information by just logging in to you account.
For more information on what phishing is, visit our main Phishing page.
Recent Phishing Email Examples
Is That URL Safe?
Look at the URL in your browser's address line and watch out for fake links. Here are some examples of misleading links that appear like the Cal Poly Portal:
Rules of thumb
- Do not use the link in an email to go to the Cal Poly Portal, type the URL in by hand.
- Do not believe the text on the page. In most email clients, if you hover over the link with your mouse, a popup will appear and show you the link. In we pages when you hover over a link, the address is displayed in the footer of the browser.
Here is an example of two links that appear the same:
They look the same on this page, but do not go to the same place. The second link goes to Google, not the Cal Poly Portal:
Here is the link to the real Cal Poly Portal:
The hidden link can take you to a fake version of our Cal Poly Portal. Here is an example:
This is the real Cal Poly Portal:
The only real difference is the URL.
Legitimate Cal Poly Emails
Cal Poly annually ends you email notifications when your password is about to expire that look like the following email:
For more information, visit our main phishing page.
If you are unsure whether an email is phishing, please call the ITS Service Desk at (805) 756-7000 or forward the email to email@example.com to verify if the email is legitimate.
The Basics content adapted from The Tech Terms Dictionary