Is it phishing ?
Scammers and spammers know that people are busy and, most likely, will read their mail quickly with out spending much time looking at the message itself. It is this characteristic that they are relying on when they send out these messages. Identifying a phishing attempt can be easy, as long as you know what to look for and take your time to look at the message for the clues indicating it may be a phishing message.
I replied to a phishing message - now what ?
It happens, you are busy, you just got back from a 2 week vacation and now have to catch up on all of that email in your Inbox. Then it occurs to you, but a little too late, that last email ... something about it did not look quite right! You may have just responded to a phishing attempt. All is not lost, but time can be important so take action quickly to lessen any possible harm.
Phishing on CSU cell phones and CSU office phones
For CSU cell phones: if you receive any messages or calls from 611 and prompts you to enter personal information, do not respond. The phone is owned by the University and no personal information is tied to the phone service. No changes can be made by users; only Telecommunications Office is authorized to make any changes to the account.
For CSU office phones: if you receive calls from outside callers claiming that you have placed a call to them without your knowledge (i.e.. your direct number is appearing as caller ID instead of 216-687-2000), than your telephone number may have been “spoofed”. Please alert Telecommunications if this becomes a recurring issue. We will work with you on an individual basis on how to address the situation.
If you receive any of the messages similar to those described below, or any of those listed in the archives:
- Do not reply, select any link or open any attachments
- Mark the item as phishing (this will send the item to Microsoft for review and flag the item as "junk" in your mailbox) or delete the item.
If the email you received is not listed below or in the archives, presume the email is a phishing attempt and forward the email to email@example.com
Listed below are the more recent phishing attempts detected on CSU accounts. They are listed by the wording listed in the subject line, followed by a brief description of the item. To view an example of the email, select the subject listed.
New this week
- Email from President Sands - email that appears to have been sent from CSU's President Sands that contains an attachment and request you open and review the guidelines in the attachment. Please note the "from" address is not that of CSU. Do not open the attachment, this is an attempt to gain access to your device and / or personal information. (8/6)
- Re: Please Review Documents - an email that appears to have a link to documents on a OneDrive account. Do not select the link, this will download malicious material and / or is simply an attempt to obtain personal information. (8/9)
- Incoming Fax - most likely this is an email one is not expecting. It has a link embedded within it that most likely would download malicious code when selected. As always, if you were not expecting an email with an attachment or a link that you are required to select, even if it is from a familiar address, do not open or select until you have independently verified it authenticity (never reply to the email asking for verification). Also never open or select a link in an email from an address you do not recognize. (8/14)
- Syncing Error - (5) failed messages - this is an email that is meant to appear as if it were sent from Microsoft. It is not, Microsoft does not notify individuals of such issues, as they do not occur in our environment. Also please note the "from" address is not from that of a Microsoft email address nor CSU. (8/14)
- Cleveland State University Notice - email appears to be sent on behalf of CSU. It indicates that your account needs attention in order to send mail due to your not accessing the account for a few days. CSU, nor Microsoft, has no requirement that you must sign into your CSU account to keep it valid. Note that the "from" address is not that of CSU nor Microsoft and the colors associated with the graphics are not that of CSU. (8/14)
- Microsoft Email Confirmation - email that appears to have been sent from Microsoft. Please note that the "from" address is not that of Microsoft and when you hover over the link that it direct you to sign in at, you will note that the URL is not that of Microsoft. Also pay attention to the content of the email, it indicates that your account is inactive, yet you are signed in and reading the email. (8/14)
To view a list of these and other Phishing notices that we have received in the past, based upon content type, visit the archives.