
Dear faculty, staff and students,

During the evening of Wednesday, March 25, a phishing email was sent out to many San Diego State University users from a spoofed SDSU email address. As the work environment for many around the world rapidly changes due to the coronavirus (COVID-19), cyber-criminals are becoming more active to try and take advantage of the confusion.

We are sharing this warning because the attack had a higher level of sophistication than we usually see from phishing emails. This email provides information to help you identify a phishing attempt, and clarifies what you should do if you receive such a message.

March 25 Phishing Message

The email message, shown below, appeared to come from a sender within SDSU, and used a fake copy of a real SDSU website to trick users into entering their credentials. The only immediate signs that the email is fraudulent are the missing capitalization of the word "March" (grammar errors are a common indicator of phishing), and that the signature block claims to be from SDSU President Adela de la Torre even though the sender's email address does not contain her name.

[Image: the March 25 phishing email message]

If a user were to click the link in the fraudulent email, they would be brought to a website, shown below, that is a very convincing copy of the Employee Gateway of the SDSU Research Foundation. In this case, the only giveaways that the website is a fake are that the URL is not the proper URL of the Employee Gateway, and the copyright logo in the bottom left corner does not display properly.

[Image: the fraudulent copy of the Employee Gateway website]

Protecting Against Phishing

Please observe the following guidelines to protect yourself and the university from malicious attempts at accessing information and protected data.

A mismatched URL

One of the first things to check in a suspicious email is the validity of a URL. If you hover the mouse over the link without clicking on it, the full hyperlinked address should appear. Even if the message seems perfectly legitimate, a link whose actual address does not match the address displayed is an indication that the message is fraudulent and likely to be a phishing email.
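The hover check above compares what a link says with where it actually goes. The same comparison can be done automatically on an email body, for example in a mail filter or a help-desk triage script. The following is an added example, not code from SDSU's IT Security Office: it pulls every link out of an HTML message, and flags any link whose visible text looks like a web address but whose real target is a different site. The sample message and its example.edu / example.org domains are constructed placeholders, not the addresses used in the March 25 attack.

```python
"""Flag hyperlinks whose visible text names one site while the real target
is another (the "mismatched URL" sign described in the phishing notice).

Added example, not part of the SDSU notice. The sample message below is
constructed and uses placeholder domains (example.edu, example.org).
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that looks like a URL or bare hostname, e.g.
# "gateway.example.edu" or "https://gateway.example.edu/login".
_HOST_RE = re.compile(
    r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/:?#].*)?$",
    re.IGNORECASE,
)


def _host_of(value):
    """Lowercase hostname of a URL or bare host, or None if there is none."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    host = urlparse(value).hostname
    return host.lower() if host else None


def _same_site(display_host, target_host):
    """True when the real target is the displayed host or one of its subdomains.
    login.example.edu is fine for 'example.edu'; example.edu.example.org is not,
    because the displayed name is only a decoy prefix there."""
    return target_host == display_host or target_host.endswith("." + display_host)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html_body):
    """Return (visible_text, real_target) pairs where the visible text looks
    like an address but the href leads to a different site."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    mismatches = []
    for href, text in parser.links:
        match = _HOST_RE.match(text)
        if not match:
            continue  # text like "Click here" shows no address to compare
        display_host = match.group(1).lower()
        target_host = _host_of(href)
        if target_host is None or not _same_site(display_host, target_host):
            mismatches.append((text, href))
    return mismatches


# Constructed sample: an honest link, a link whose text shows the real site but
# whose href goes elsewhere, a decoy-prefix domain, and a plain "Click here".
SAMPLE_EMAIL = """
<p>Please review the <a href="https://gateway.example.edu/login">gateway.example.edu</a> update.</p>
<p>Sign in at <a href="http://example.org/verify">https://gateway.example.edu/login</a> now.</p>
<p>Or use <a href="http://example.edu.example.org/">example.edu</a>.</p>
<p>Questions? <a href="https://help.example.edu">Click here</a>.</p>
"""

if __name__ == "__main__":
    for shown, real in find_mismatched_links(SAMPLE_EMAIL):
        print(f"MISMATCH: shows '{shown}' but links to {real}")
```

Links whose text is a plain phrase ("Click here") are deliberately not flagged here, since there is nothing to compare; for those the hover check, or a separate list of approved link domains, remains the control.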

Poor spelling and grammar

Cybercriminals are known for poor spelling and grammar. If you spot spelling mistakes or poor grammar within an email, it may be a phishing email.

The use of threatening or urgent language

A common phishing tactic is to create a sense of fear or urgency to rush someone into clicking on a link. Cybercriminals will often claim that your security has been compromised and that urgent action is required to remedy the situation. Be cautious of subject lines that claim your account has had an “unauthorized login attempt” or that your “account has been suspended”. If you are unsure whether a request is legitimate, contact the IT helpdesk directly by going to the IT support website.

Unexpected Correspondence

If you receive an email informing you that you have won a competition you did not enter or a request that you click on a link to receive a prize, it’s highly likely to be a phishing email. If an offer seems too good to be true, it usually is.

Beware of online requests for personal information

A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.

Report the issue and learn more

Immediately forward any phishing or scam email to [email protected].

For SDSU and California State University (CSU) information, please visit these sites frequently, as they are regularly updated.

Best regards,

Ricardo Fitipaldi
Interim Information Security Officer
IT Security Office
