• Phishing11
  • Phishing222
  • Phishing333
  • Phishing41
 Phishing attempts this week             All recent phishing attempts


Is it phishing ?

Scammers and spammers know that people are busy and, most likely, will read their mail quickly with out spending much time looking at the message itself.  It is this characteristic that they are relying on when they send out these messages.  Identifying a phishing attempt can be easy, as long as you know what to look for and take your time to look at the message for the clues indicating it may be a phishing message. 

There is a difference between spam and phishing. Spam is unsolicited email, usually from someone trying to sell something and does not try to obtain personal or confidential information.  Other than cluttering up one's inbox, spam usually does no harm.  To control this type of mail simply flag the item as junk. 

what is phishing and is there more than one type?

tips and identifying phishing


I replied to a phishing message - now what ?

It happens, you are busy, you just got back from a 2 week vacation and now have to catch up on all of that email in your Inbox.  Then it occurs to you, but a little too late, that last email ... something about it did not look quite right!  You may have just responded to a phishing attempt.  All is not lost, but time can be important so take action quickly to lessen any possible harm. 

more information on what to do (remediation)


Most recent phishing attempts

Phishing on CSU cell phones and CSU office phones

For CSU cell phones: if you receive any messages or calls from 611 or 1-800-331-0500 and prompts you to provide personal information, do not respond. The phone is owned by the University and no personal information is tied to the phone service. No changes can be made by users; only Telecommunications Office is authorized to make any changes to the account.

For CSU office phones: if you receive calls from outside callers claiming that you have placed a call to them without your knowledge (i.e.. your direct number is appearing as caller ID instead of 216-687-2000), than your telephone number may have been “spoofed”.  Please alert Telecommunications if this becomes a recurring issue. We will work with you on an individual basis on how to address the situation.

If you receive any of the messages similar to those described below, or any of those listed in the archives:

- Do not reply, select any link or open any attachments
Mark the item as phishing (this will send the item to Microsoft for review and flag the item as "junk" in your mailbox) or delete the item. 

If the email you received is not listed below, or in the archives, and it contains the hallmark of a phishing attempt, forward the email to so that we can make others aware and take action to minimize any potential negative effects.

Listed below are the more recent phishing attempts detected on CSU accounts.  They are listed by the wording listed within the subject line, followed by a brief description of the email.  To view an example of the email, select the subject listed.

New this week

**** Special Notice ****

If you receive an email from what appears to be an individual you are associated with at CSU, and the email indicates they need to contact you but are unable to do so due they being in a meeting, on the road etc. and requests you email them back, check the email address that the mail was sent from, do not simply look at the name listed as it being sent from.  By looking at the email address, you will note that the mail was not sent from the individual that it initially appears to have been sent from.  These mails are being sent in an attempt to have people reply and then follow up emails will request confidential information, money in the form of cards, or other personal information.  If you receive one of these, DO NOT REPLY, simply delete the item.


  • Missed a voicemail messge - email that indicates that you may have missed a voicemail - it is made to appear to include an attachment with the voicemail.  Do not open or download the attachment.  Note the from email address, it is not from CSU.  If you hover over the attachment, do not select, you will note that there is a URL associated with the link that directs you to a unknown site.  (11/9)
  • No subject, body of message simply contains a link - email sent contains a simply one line message along with a link.  Do not select the link it will open a site of questionable content.  (11/9)
  • Notification - review Doc - this email contains a link that is made to appear to be OneDrive.  Please note the from address that it was sent from, along with the address it was sent to.  As always, if you are not familiar with the address the mailing was sent from and / or were not expecting such as email, never select the link. (11/9)
  • University Announcements - this is an attempt to get you to open an attachment that contains questionable content and / or executable code.  Please note the from address is not a CSU address, nor does CSU ever send out notices requesting you to open an attachment, click on a link and sign in or provide your sign in credentials.  (11/5)
  • Amazon Account Suspended - email that appears to have arrived from Amazon indicating that there is an issue with your billing / settings / sign in credentials and you must select the embedded link to sign in a correct the issue.  Note the from address is not that of Amazon and the unsubscribe address most likely will be that of either yours or another email address, again not one associated with Amazon.  Never select these links, to verify, manually enter Amazon's URL under a new tab in your browser and sign into your account.  If on a Wi-Fi, never sign into personal accounts such as banking, credit cards, Pay Pal, Amazon or any other account you may have with confidential information unless it is on a secured Wi-Fi that you trust. (10/31)
  • Notification - Review new Doc - this is an email that contains a link to an item that appears to be on a OneDrive account.  Note the from address, as always if you do not recognize the from address and / or were not expecting an email such as this, do not open the item or click the link.  (10/30)
  • Emergency - email that indicates that your account is restricted due to it being signed into a new computer and you have 24 hours to re-validate your account.  There is a link in the email that it requires you to select.  Please note - if you hove over the link with your mouse, do not select, you will note the link is not that of CSU nor Microsoft.  Also you are able to sign into your account using any device you wish, we never lock it out for reason such as that and lastly CSU nor Microsoft ever sends out emails requiring you to re-validate your account or provide your sign in credentials for any reason.  (10/29)
  • Currency - email that is requesting a monetary investment for a project.  This email has an attachment that when opened claims to provide details.  Do not open the attachment, results of opening it are questionable.  Please note that the email is of very poor grammar, and is most likely not from an email you normally have contact with (10/29)

To view a list of these and other Phishing notices that we have received in the past, based upon content type, visit the archives.