- Never open email from users unknown to you or email that has a suspicious subject
or a blank subject.
- Never open an email attachment if you are not expecting an email attachment. Verify
that the email is legitimate before opening the email. Many viruses and worms come
in the form of a joke or look at my photos or something that seems too good to be
true. Remember: Never open an email attachment unless you know what it is--even if
it comes from someone you know and trust. Do not open or run any program with a double
extension. Example: jokes.jpg.com memo.doc.exe mypictures.gif. NETSPYHUNTER-1.2.EXE
- Never download files from unknown or suspicious sources.
- NEVER open any files or macros attached to an email from an unknown, suspicious or
untrustworthy source. Delete these attachments immediately, then "double delete" them
by emptying your Trash. Delete spam, chain, and other junk email without forwarding
it to anyone.
Recently many users received fraudulent email asking them to verify their email account.
At first glance the email appears to come from the Information Technology help desk
or support team. Phishing is fraudulent email that attempts to get sensitive or private
information from a user such as email account and password, bank account numbers and
password or pin numbers, credit card account information. Phishing email usually has
misspelled words or poor grammar. Please note that all legitimate information sent
from the Information Technology Division will adhere to the following:
- All campus wide email announcements are only sent from user firstname.lastname@example.org or
- We will never ask you to send your email password or other sensitive information via
- There will always be a legitimate CSU staff as the contact person and a CSU phone
number to call for more information or assistance,
- Only CSU legitimate email addresses will be use such as email@example.com . We will
never direct you toward an AOL or MSN or YAHOO (any non-CSU) email address. Only email
addresses that have @csu.edu will be used.
Help us stop the spread of abusive email by forwarding abusive email that you receive
to firstname.lastname@example.org. Please see the CSU Information Technology Division website for more information regarding email and other computer security tips.
Example of Phishing:
-------- Original Message --------
Subject: FINAL VERIFICATION OF YOUR EDU EMAIL ACCOUNT
Date: Tue, 27 May 2008 14:58:06 -0500
From: EDU TEAM email@example.com
Reply-To: firstname.lastname@example.org To: undisclosed-recipients:
VERIFY YOUR EDU EMAIL ACCOUNT NOW
Dear Edu Email Account Owner,
This message is from Edu messaging center to all Edu email account owners. We are
currently upgrading our data base and e-mail account center. We are deleting all Edu
email account to create morespace for new accounts. To prevent your account from closing
you will have to update it below so that we will know that it's a present used account.
We have been sending this notice to all our Edu email account owners and this is the
last notice/verification exercise.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username :.................
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........
Warning!!! Account owner that refuses to update his or her account within Seven days
of receiving this warning will lose his or her account permanently.
Thank you for using edu! Warning Code:VX2G99AAJ Thanks, EDU BETA Reviewed:
August 19, 2010