
Spear Phishing

Be suspicious of emails requiring you to "confirm your account details or else".

Spear phishing uses personalized, well-crafted emails to direct users to a forged campus website that requires them to enter their authentication credentials. The emails appear to come from a legitimate campus office and often successfully bypass anti-spam protections.

The forged website is used to steal valid authentication credentials which, in turn, are used for malicious purposes such as identity theft or generating spam.

Don't be fooled

Be suspicious of "legitimate" emails requesting you to visit a web site to "reset" or "confirm" your "account details".

Learn to recognize phishing. The example below, although personalized to appear to come from a legitimate campus office, still contains several signs of phishing, including:

  • spelling errors
  • a disguised or not-quite-right Internet link
  • awkward phrasing
  • threatening language (click here or else!)

Example

From: CSU San Bernardino <web-support@csusb.edu>
To: <jcoytoe@csusb.edu>
Subject: [CSUSB] Email Account Upgrade!

This email is to warn faculty and students of CSU San
Bernardino that there have been attepmtings to hack our
emails server.

To make reparis, we will be upgrading in a few days.  As part
of the upgrade, we will be deleating unused accounts to save
space and for security.  To be sure your account is not
deleted, you need to login to here:

http://mail.csusbedu.net/login/confirm?1

Users that do not login within three (3) days may have their
accounts disabled and email deleted.

---
CSU San Bernardino Support Team <web-support@csusb.edu>
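
The "not-quite-right Internet link" sign in the example above can also be checked mechanically. The following Python is an added example, not part of the original page: it compares each link in a message with the domain the sender claims to write from, using an abbreviated copy of the sample email. The function names and the labels "ok", "lookalike" and "external" are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Abbreviated copy of the sample message shown on this page.
SAMPLE = """\
From: CSU San Bernardino <web-support@csusb.edu>
To: <jcoytoe@csusb.edu>
Subject: [CSUSB] Email Account Upgrade!

To be sure your account is not
deleted, you need to login to here:

http://mail.csusbedu.net/login/confirm?1
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def squash(name):
    """Drop dots and hyphens so 'csusb.edu' and 'csusbedu' compare equal."""
    return re.sub(r"[.\-]", "", name.lower())

def classify_link(url, trusted_domain):
    """Label a link relative to the domain the message claims to come from."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    trusted = trusted_domain.lower()
    # Genuine: the host is the trusted domain or one of its subdomains.
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    # Lookalike: the trusted name is embedded in a host that belongs elsewhere,
    # e.g. 'mail.csusbedu.net' contains 'csusbedu' but ends in '.net'.
    if squash(trusted) in squash(host):
        return "lookalike"
    return "external"

def scan_message(raw):
    """Return (url, label) for every link in a plain-text message."""
    msg = message_from_string(raw)
    # Assumption: the claimed From domain is the one the links should match.
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    body = msg.get_payload()
    return [(u, classify_link(u, sender_domain)) for u in URL_RE.findall(body)]

if __name__ == "__main__":
    for url, label in scan_message(SAMPLE):
        print(f"{label:10} {url}")
```

The From header can itself be forged, so a result of "ok" only means the link matches the claimed sender, not that the message is genuine.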