CSUN’s information technology department is in a constant battle to prevent fraudulent messages from reaching the university’s email users.
Among the most recently reported phishing scams is an email that appears to come from CSUN’s information technology department cautioning the recipient that failure to provide his/her user name and password will result in deactivation of the email account, said Chris Olsen, information security officer in CSUN’s information technology department.
Though the email looks official and urgent, containing the Cal State Northridge logo and a subject line that reads, “IMPORTANT NOTICE” a closer inspection reveals spelling and grammatical errors and other signs that challenge its credibility, he said.
“Email scams have been becoming more prevalent in the last two to three years. We don’t have a direct number of how many people respond to these emails, but we know that some percentage will respond and that some percentage of people on our campus are falling prey,” Olsen said.
Olsen said that college universities are especially desirable targets for scams because university email addresses are generally considered safe and are not blocked by most companies. Once the criminals have hijacked email addresses with a .edu extension, they are virtually guaranteed that the spam or phishing messages they send out will reach their intended targets.
“We probably get 50 fraudulent messages that enter the campus every month that could reach any number of users. It could be 20, 200, or 1,000—we don’t know for sure,” Olsen said.
Although phishing emails can be deceptive, there is a relatively easy way of determining whether an email is legitimate, Olsen said.
“It’s really simple. Anytime anyone in any message asks you to give up information, 99.999 percent of the time, it’s a scam,” Olsen said. “We’ll never ask students to give up information via email. If you keep that one rule of thumb in mind, you’ll never fall prey.”
Olsen said CSUN’s information technology department takes steps to block the URL of any external links included phishing emails, but by that point much of the damage has been done.
“The only combating tool for this is awareness,” he said. “No technology can prevent the problem once user names and passwords are released.”
The information technology department offers the following tips to CSUN email users to ensure the security of data:
- Never share your user password with others or write it down in a conspicuous place.
- The University will never request your username, password, or other personal information by email. If you suspect that your email account has been compromised, please visit the website, shouldichangemypassword.com.
- Use the secure connection provided by the Virtual Private Network (VPN) when accessing the University’s wireless network. This secure connection prevents unwanted viewing of your electronic communications.
- Secure your laptop(s) in a locked environment whenever you are away from your computer. Consider using a lock to secure your laptop to a desk.
- Register your computer with a theft recovery service. Visit http://www-admn.csun.edu/police/stop_flyer.pdf to learn more about the CSUN “STOP” program.
CSUN email users who receive a fraudulent message should not respond to it, immediately forward the email to abuse@csun.edu, then delete the email.