Think Before You Click: Avoid Phishing and Digital Threats
Phishing
Phishing is a type of online scam where malicious perpetrators pretend to be someone you trust, such as a friend, classmate, coworker, company, or service provider. Their goal is to trick you into sharing sensitive information like passwords, credit card numbers, or login credentials. These scams often appear as emails, text messages, or fake websites that look legitimate but are designed to steal your data or install harmful software.
Phishing is one of the most popular methods employed by scammers to obtain sensitive information. You are a partner in preventing cybercrime by following these practices when receiving any message or notification.
- Is the sender claiming to be someone official (e.g., your bank, doctor, professor, university staff, lawyer, or government employee or agency)? Criminals often pretend to be important people or organizations expecting you to supply information or take action.
- Are you told you have a limited response time (e.g., 24 hours or immediately)? Criminals often threaten you with fines, loss of services, imprisonment, and other negative consequences.
- Does the message make you anxious, fearful, or curious? Criminals often use threatening language, make false claims, or tease you into wanting to find out more.
- Is the message offering something in short supply (e.g., concert tickets, money, or a cure for medical conditions)? Scammers can make you think you might miss out on an opportunity to entice you to respond quickly.
- The email, text, subject line, or content looks unusual or is not typical of what your friend, colleague, university, organization, or business would send, and does not sound or read like them.
- The message may contain spelling errors or unusual grammar.
- The message could be overly vague or overuse professional jargon to appear legitimate.
Example of a Phishing Email
- Suspicious Subject Line
Email text: "IMPORTANT NOTICE FOR EMAIL UPDATE FOR STAFF/STUDENT"
The subject line is urgent or threatening, or mentions finances, a job, or an unexpected offer.
- Unexpected Sender
Email text: "B. Braunco bbraunco[@]cpp[.]edu 7:01 p.m."
The email is from an individual asking for personal login or contact information.
- Urgent or Threatening Language
Email text: "We received a request to terminate your office 365 email and this process has begun by our administrator. If you did not authorize this action and you have no knowledge of it, you are advised to verify your account. Kindly Copy and paste the link to the web browser. To Apply Now"
The message contains an unusual request or urgent or threatening language. Examples include a job offer or a threat to disable your account.
- Links to External or Unfamiliar Sites
Email text: "https://tinyurl[.com]/yc3xvwzp"
The message contains links to a Google Form URL or other non-cpp.edu website asking for personal information.
- Poor Grammar or Unusual Word Choice
Email text: "To verify your account! Failure to verify will result in account disablement. Copyright © 2024 All rights reserved"
The message also includes unusual words or poor grammar.
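The indicators walked through above, applied as a triage check to the sample message; this is an added example, not part of the original page. The function names and the urgency phrase list are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "cpp.edu"               # campus domain named on the page
SHORTENERS = {"tinyurl.com", "bit.ly"}   # shorteners the page mentions
# Constructed phrase list (an assumption); tune it to your own mail.
URGENCY = ("important notice", "terminate", "verify your account",
           "failure to", "act now", "account is locked")

def refang(text):
    """Undo defanging such as tinyurl[.com] or cpp[.]edu by dropping brackets."""
    return text.replace("[", "").replace("]", "")

def is_under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def triage(subject, sender, body):
    """Return (indicator, detail) pairs for one message."""
    findings = []
    text = f"{subject}\n{body}".lower()
    hits = [p for p in URGENCY if p in text]
    if hits:
        findings.append(("urgent_language", hits))
    for url in re.findall(r"https?://[^\s\"'<>]+", refang(body)):
        host = (urlsplit(url).hostname or "").lower()
        if any(is_under(host, s) for s in SHORTENERS):
            findings.append(("shortened_link", host))
        elif not is_under(host, TRUSTED_DOMAIN):
            findings.append(("external_link", host))
    domain = refang(sender).rpartition("@")[2].lower()
    if not is_under(domain, TRUSTED_DOMAIN):
        findings.append(("external_sender", domain))
    return findings

# The sample message quoted on this page (abridged), kept defanged as shown.
SAMPLE = {
    "subject": "IMPORTANT NOTICE FOR EMAIL UPDATE FOR STAFF/STUDENT",
    "sender": "bbraunco[@]cpp[.]edu",
    "body": "We received a request to terminate your office 365 email and "
            "this process has begun by our administrator. You are advised to "
            "verify your account. Kindly Copy and paste the link to the web "
            "browser. https://tinyurl[.com]/yc3xvwzp Failure to verify will "
            "result in account disablement.",
}

if __name__ == "__main__":
    for indicator, detail in triage(**SAMPLE):
        print(indicator, detail)
```

On the sample, the sender address is on cpp.edu, so only the wording and the shortened link are flagged.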
- Never correspond or forward the message other than reporting it to suspectemail@cpp.edu or authorities. Communicating with cyber criminals verifies a successful connection and makes you a target for attempts in the future.
- immediately if you reply to a suspicious or fraudulent message.
- Never click on links or provide personal or confidential information. Change your CPP password immediately if you click on any links or interact with a suspicious or fraudulent website. Check the URL as phishing websites are designed to look like legitimate websites.
- In most cases, you can safely delete the message if you have not replied or clicked on any links.
- or related campus administrative office to evaluate your campus accounts and determine if they are compromised.
- Contact the University Police at 909-869-3070 if you have been a victim of fraud.
- Reject unknown login attempts using 2-Step/Multi-factor authentication:
Duo puts you in control of access to your Bronco Account. If you receive a login attempt that you didn’t request, you should reject it. If you have questions or concerns about access to your Bronco Account, .
- Cal Poly Pomona (CPP) staff, faculty or service providers will never ask you to authorize a Duo request.
- Think before you click: Don't click on links; always visit reputable websites directly. Successful cyber attacks often start with an urgent phishing email, message, notification, or call, impersonating real people or organizations to offer money for job opportunities, ask for donations, or spread misinformation. Reputable organizations should not contact you to take immediate action. A message could be a scam if:
- The offer sounds too good to be true.
- The message is unsolicited or unexpected.
- The message is about a package delivery, even if you’re expecting one.
- The sender doesn’t typically contact you using that particular method, service, or platform.
- The sender or organization doesn’t typically contact you on evenings, weekends, or holidays.
- Secure your logins and passwords: Never share passwords, create long and unique passwords for all accounts, including your Bronco Account, banking, and online shopping, and use two-factor authentication wherever possible. When in doubt, change your password immediately by visiting the website directly.
- Research any request for a donation: Do not let anyone rush you into a financial transaction. Never provide cash, gift cards, or wire funds.
- Keep software updated: Ensure that your personal and home devices install software updates automatically. CPP devices, software, and services are managed by IT, and we will never contact you to request access to your account or device.
- Report suspicious emails to suspectemail@cpp.edu and mark them as Phishing using Microsoft 365*.
- Recent phishing messages impersonate CPP employees, job opportunities, invoices, payments, gifts, financial aid, Microsoft and other software services, political action groups, package deliveries, and government agencies or services. These messages typically ask you to use a personal email and phone and to contact a non-CPP address, allowing them to avoid campus network security.
- *To report a Phishing attempt to Microsoft from your Outlook.com inbox, select the arrow next to [Junk] and select [Phishing].
If you have questions or need assistance with phishing, , or issues with your email, please . For more serious concerns or if further guidance is needed, you may also reach out to the CISO at ciso@cpp.edu.
Spoofing
Spoofing is a type of cyber attack where a person or program successfully masquerades as another by falsifying data. This can occur in various forms, including email spoofing, IP spoofing, and website spoofing. The goal of spoofing is often to gain access to personal information, steal money, or spread malware.
Email spoofing involves sending emails with a forged sender address. These emails appear to come from a trusted source, such as a colleague or a known organization, but are actually from a malicious actor. Email “spoofing” is used by phishing and spam perpetrators to trick someone into opening the message by thinking it is from someone familiar.
- Is the name familiar, but the email address looks strange?
Scammers often use real names with fake or look-alike email addresses. Always check the full address, not just the name that shows up.
- Does the signature look odd or off?
The phone number, job title, or location in the email might not match what you know about the person. (Example: A “CPP staff” email with a New York phone number.)
- Does the message seem unusual or not like the sender’s normal style?
If the tone is overly formal, vague, or unexpectedly urgent, it may not be from the real person. When in doubt, verify before responding.
- Never correspond or forward the message other than reporting it to suspectemail@cpp.edu or authorities. Communicating with cyber criminals verifies a successful connection and makes you a target for attempts in the future.
- immediately if you reply to a suspicious or fraudulent message.
- Never click on links or provide personal or confidential information. Change your CPP password immediately if you click on any links or interact with a suspicious or fraudulent website. Check the URL as phishing websites are designed to look like legitimate websites.
- In most cases, you can safely delete the message if you have not replied or clicked on any links.
- or related campus administrative office to evaluate your campus accounts and determine if they are compromised.
- Contact the University Police at 909-869-3070 if you have been a victim of fraud.
Smishing
Smishing (SMS phishing) is a type of phishing attack that uses text messages to trick individuals into providing sensitive information or downloading malicious software. These messages often appear to come from legitimate sources, such as banks or service providers.
- Is the message asking you to click a link or share personal info?
Legitimate companies, including banks and government agencies, won't ask for passwords, PINs, or credit card numbers by text. If a message asks you to verify personal data, it's likely a smishing scam.
- Does the message create a sense of urgency or threat?
Smishers often use alarming language like "your account is locked" or "you must act now" to pressure you into a quick response without verifying the message's legitimacy.
- Is the link in the text shortened or does it seem suspicious?
Be cautious of links in texts that appear unusual or have been shortened (e.g., bit.ly), as these can hide malicious destinations.
- Is the message from a weird or unfamiliar number or name?
Smishers might use random phone numbers or vague names like “Delivery Notice” or “Bank Alert.”
- Does the message seem too good to be true?
Messages promising prizes, refunds, or gift cards you weren't expecting are likely fraudulent.
- Does the text use a generic greeting like “Dear Customer”?
Legitimate organizations typically use your name. Be cautious of messages that begin with vague or impersonal greetings.
- Never respond to suspicious text messages or click on any links they contain. Communicating with cyber criminals verifies a successful connection and makes you a target for attempts in the future.
- Report the smishing attempt to your mobile carrier and block the sender.
While this may not prevent future smishing attempts from other numbers, it can help reduce overall risk.
- Use your phone’s security settings to filter unknown or spam messages.
Most smartphones offer settings to identify, block, or redirect suspicious text messages automatically.
- If you clicked a suspicious link or shared information, take action quickly.
- Change your passwords, especially if you have entered them into a suspicious site.
- Keep an eye out for unusual or unauthorized activity in your accounts.
- Contact your bank or IT support if needed.