• Phishing
  • Strong Password Panel 1
  • Strong Password Panel 2
 Phishing attempts this week             All recent phishing attempts


Is it phishing ?

Scammers and spammers know that people are busy and, most likely, will read their mail quickly with out spending much time looking at the message itself.  It is this characteristic that they are relying on when they send out these messages.  Identifying a phishing attempt can be easy, as long as you know what to look for and take your time to look at the message for the clues indicating it may be a phishing message. 

what is phishing and is there more than one type?

tips and identifying phishing


I replied to a phishing message - now what ?

It happens, you are busy, you just got back from a 2 week vacation and now have to catch up on all of that email in your Inbox.  Then it occurs to you, but a little too late, that last email ... something about it did not look quite right!  You may have just responded to a phishing attempt.  All is not lost, but time can be important so take action quickly to lessen any possible harm. 

more information on what to do (remediation)


Most recent phishing attempts

Phishing on CSU cell phones and CSU office phones

For CSU cell phones: if you receive any messages or calls from 611 and prompts you to enter personal information, do not respond. The phone is owned by the University and no personal information is tied to the phone service. No changes can be made by users; only Telecommunications Office is authorized to make any changes to the account.

For CSU office phones: if you receive calls from outside callers claiming that you have placed a call to them without your knowledge (i.e.. your direct number is appearing as caller ID instead of 216-687-2000), than your telephone number may have been “spoofed”.  Please alert Telecommunications if this becomes a recurring issue. We will work with you on an individual basis on how to address the situation.

If you receive any of the messages similar to those described below, or any of those listed in the archives:

- Do not reply, select any link or open any attachments
Mark the item as phishing (this will send the item to Microsoft for review and flag the item as "junk" in your mailbox) or delete the item. 

If the email you received is not listed below or in the archives, presume the email is a phishing attempt and forward the email to

New this week

  • High Level Security Warning - Email that warns individual that their account is about to be deactivated unless user clicks on a link to confirm and stop the deletion.  Email appears to come from CSU however, pay close attention to the "from" email address and you will note it in fact did not (4/10)
  • IT Support Team - email requesting you to download an attachment for email migration.  This email was not sent by CSU, nor do we ever request an individual to download any document to perform an action on an email account.  All system actions are performed by Microsoft and/or the CSU administrator with no user intervention or action required (4/10)
  • Employee Privacy Policy Updates - appears to have been sent from PeopleSoft.  The link within the email redirects you to a site that is not related to CSU nor to PeopleSoft.  Neither CSU nor PeopleSoft every sends notices requesting an individual to update such information. (4/12)
  • Email Notification - email that appears to have been sent from Microsoft informing the individual that their data limit has been reached and that they need to upgrade their account by selecting a link.  Hints that indicate this is not legitimate: the "from" address is not a Microsoft address; Microsoft never sends out notices such as these for CSU accounts nor does CSU; the grammar is poor; the formatting of the email is poor; the fonts do not match.
  • You will be billed - email indicating that your credit card is about to be billed, and there is an attachment for you to open to verify / contest the charge.  Note, if you suspect that your credit card has been used without your authorization, never respond nor open an attachment you may receive in an email.  Contact the credit card company immediately by calling the phone number listed on the back of your card or the number listed on the company's web site (never select a link in an email that will redirect you to the company's site, as it is highly likely that the site is a fake site) (4/24).
  • Help Desk - email that appears to have been sent from IST concerning changes to our sign in page, note that the email was sent from a non-CSU email address and contains a link to a non-CSU site.  Also, we never send out notices asking you to follow a link to verify your sign in credentials due to an upgrade.  (4/24).
  • Gold Miners - email from a gold / diamond / precious metals miners asking for assistance in  investments or transferring money.  You will receive a share if you assist.  These individuals are simply attempting to obtain personal information from you (4/24).

To view a list of these and other Phishing notices that we have received in the past, based upon content type, visit the archives.