
Information Security: Scams and Phishing


"Telltale" Signs of Phishing

To safeguard your personal and financial information, be cautious when responding to email requests. "Phishing" is the process of trying to acquire sensitive information (e.g., usernames, passwords, credit card information) by masquerading as a trustworthy source in an electronic communication (e.g., email or instant messaging). Phishing is one of the most popular methods employed by scammers to obtain your sensitive information. The scammer offers to provide money or a service upon the receipt of your personal information.


Look for the following "telltale" signs of phishing:

  1. Email that asks for sensitive information (account number, SSN, credit card numbers, etc.). Financial institutions and businesses that you have dealings with would never send you email to verify your account.
  2. Unusually long and incoherent URL. The address bar should make sense, and should explicitly indicate the site being visited. Often, phishing emails will ask you to click a link included in the body of the email.
  3. Phishing emails usually have typographical and grammatical errors. However, it's also wrong to assume that a professionally crafted email/site can never be a phishing email/site.


No one officially connected to Cal Poly Pomona will email you asking for any of the following sensitive information:

  • BroncoPassword or Passphrase
  • Social Security Number
  • Bank or Debit Card Information
  • PIN
  • Credit Card Information
  • Date of Birth
  • Driver’s License Number / State ID Card (Any Other Forms of National or International Identification)
  • Home Address
  • Mother’s Maiden Name
  • Nationality
  • Medical History
  • Criminal History
  • Psychological Counseling Records
  • Etc.

The above list of sensitive information is not exhaustive.



Recent Phishing Examples that Purport to be from Cal Poly Pomona

Example: Subject: 1 New Message

Scam Overview:

Email title: 1 New Message
Scam target: Cal Poly Pomona Students, Faculty and Staff
Email sent: Wednesday, September 18, 2013 2:25 PM
Sender: Unknown
Scam objective: Obtain Cal Poly Pomona BroncoName, BroncoPassword, etc.
Phish link method: Click links
Is link masked? No
Visible link text: Press The Link Below To View Message. Press here to View Message
Actual link to: Identity thieves' website


An email asking you to log in to verify your Cal Poly Pomona email account can look convincing. However, upon closer inspection, note the inconsistencies in capitalization, punctuation, spelling and grammar.

  1. Note the punctuation error of the subject line.
  2. Note the sender's email address is not a Cal Poly Pomona email address.
  3. Note the lack of greeting. Vague or anonymous salutations should raise suspicion. Anonymous and vague greetings are characteristic of scams.
  4. Note the capitalization and punctuation errors of the first sentence, and for that matter, the whole message.
  5. Note the punctuation errors of the second half of the email.
  6. Note that the message was signed by no one specific. Unidentifiable and/or anonymous senders should raise suspicion.


Remember, no one officially connected to Cal Poly Pomona will email you asking for any sensitive information.

-----Original Message-----
From: Cal Poly Pomona - Webmail Services [mailto:malbright@stmartin.edu]
Sent: Wednesday, September 18, 2013 2:25 PM
Subject: 1 New Message.

You Have 1 New Important Mail Message,
Press The Link Below To View Message.
Press here to View Message
Cal Poly Pomona - Webmail Services




Example: Subject: * Problem from your email account *

Scam Overview:

Email title: * Problem from your email account *
Scam target: Cal Poly Pomona Students, Faculty and Staff
Email sent: Tuesday, December 11, 2012 6:15 PM
Sender: Unknown
Scam objective: Obtain Cal Poly Pomona BroncoName, BroncoPassword, etc.
Phish link method: Click links
Is link masked? No
Visible link text: CLICK HERE
Actual link to: Identity thieves' website


An email asking you to log in to verify your Cal Poly Pomona email account can look convincing. However, upon closer inspection, note the inconsistencies in capitalization, punctuation, spelling and grammar.

  1. Note the awkward grammar of the subject line.
  2. Note the sender's email address is not a Cal Poly Pomona email address.
  3. Note that the addressee is not a Cal Poly Pomona email address.
  4. Note the formatting error of the greeting.
  5. Note the anonymous greeting. Vague or anonymous salutations should raise suspicion. Anonymous and vague greetings are characteristic of scams.
  6. Note the formatting error of the first sentence, and for that matter, the whole message.
  7. Note the grammatical and punctuation errors of the second, third and fourth sentences.
  8. Note the grammatical and capitalization errors of the first sentence of the note under the "CLICK HERE" link.
  9. Note the punctuation and formatting errors of the sign-off.
  10. Note that the message was signed by no one specific. Unidentifiable and/or anonymous senders should raise suspicion.
  11. Note the awkward grammar of the sentences below the sign-off.


Remember, no one officially connected to Cal Poly Pomona will email you asking for any sensitive information.

-----Original Message-----
From: Schaffner, Carol B [mailto:cschaffner@colum.edu]
To: webmaster@admin.staffowa.org
Subject: * Problem from your email account *

Dear Email Users,

THIS MESSAGE IS FROM THE TECHNICAL SUPPORT TEAM.
If you are receiving this message it means
that your email-address is due for deactivation;
this was as a result of a continuous error script (code:505)
received from this email-address. To resolve this problem
you must reset your email-address. In order to reset this
email-address, please kindly fill with valid information by clicking on the link below:

CLICK HERE

Note: Providing a wrong information or ignoring

this message will resolve to the deactivation
of this Email Address. We apologize for any
inconvenience. Thank you for your cooperation.

Webmaster Desk (IT DEPARTMENT)

Information and Technology.

THE MAIL TEAM

----------------------------------------------------------------------------

This e-mail was sent by using automated process.
Please, do not reply to this e-mail as it cannot accept replies.



Example: Subject: Admin Support.

Scam Overview:

Email title: Admin Support.
Scam target: Cal Poly Pomona Students, Faculty and Staff
Email sent: Wednesday, September 19, 2012 8:53 AM
Sender: Unknown
Scam objective: Obtain Cal Poly Pomona BroncoName, BroncoPassword, etc.
Phish link method: Click links
Is link masked? No
Visible link text: CLICK HERE
Actual link to: Identity thieves' website


An email asking you to log in to verify your Cal Poly Pomona email account can look convincing. However, upon closer inspection, note the inconsistencies in capitalization, punctuation, spelling and grammar.

  1. Note the punctuation error in the subject line.
  2. Note the sender's email address is not a Cal Poly Pomona email address.
  3. Note the anonymous greeting. Vague or anonymous salutations should raise suspicion. Anonymous and vague greetings are characteristic of scams.
  4. Note the spelling error and capitalization errors of the first sentence.
  5. Note the capitalization and grammatical errors of the second sentence.
  6. Note the punctuation and capitalization errors of the last sentence.
  7. Note the grammatical and punctuation errors of the sign-off.
  8. Note that the message was signed by no one specific. Unidentifiable and/or anonymous senders should raise suspicion.


Remember, no one officially connected to Cal Poly Pomona will email you asking for any sensitive information.

-----Original Message-----
From: Chastity Wagner [mailto:chastity_wagner@skc.edu]
Sent: Wednesday, September 19, 2012 8:53 AM
Subject: Admin Support.

Dear Cal Poly Pomona User,

Our Webmail Admin Is Currently Congested, so we are deleting inactive Accounts. Verify That This Account Is Active By Verifying It Below.

To verify CLICK HERE

Thanks, ©2012 Cal Poly Pomona Webmaster IT Center.




Tips - How to Avoid Being "Hooked"

  1. Carefully review any email asking for personal information. If you are unsure if the email is a phishing scam, contact the Help Desk.
    1. If you know your BroncoName and BroncoPassword, you can log into Web Help Desk (WHD) and submit a Help Desk ticket to the Cal Poly Pomona Help Desk.
    2. If you can't log into WHD, use the help request form.
    3. Or, stop by the I&IT Help Desk with your Bronco Access Card or another photo ID.
      The I&IT Help Desk (X6776) is located in Building 1, Room 100.
  2. If the email sender address doesn't end in @csupomona.edu, it isn't from Cal Poly Pomona. However, even if it does, it still might not be from Cal Poly Pomona, as email senders can be easily spoofed.
  3. Practice safe and secure emailing. Never open an email from a sender you do not recognize and be extra cautious with email from unknown senders with blank, ambiguous or nonsensical subject lines.
  4. If you receive an email that is obviously a phishing email, don’t click on any enclosed links. Add the email to your spam list by following the tutorial at Spam: Managing Email Spam. Then delete the email.
  5. If an email sounds too good to be true, it probably isn't true. If it's "free" then you are probably paying in ways you don't realize -- your email address and your personal information or the storage and bandwidth of your computer.
  6. Don't believe or pass on stories that you cannot confirm. Check the credibility of authors and page owners by using some fact-checking tools:
    1. A list of Internet hoaxes -- http://hoaxbusters.org
    2. A website that reviews urban legends -- http://www.snopes.com
    3. Info on the latest scams -- http://www.scambusters.org
    4. Computer Emergency Response Team -- http://www.cert.org
    5. Computer virus info -- http://us.mcafee.com/virusInfo
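
Tip 2 and the sender notes in the examples above can be turned into a mechanical check. The following is an added example, not part of the original page or any Cal Poly Pomona tooling; the brand-word list and the two constructed headers are assumptions made for illustration.

```python
import re

# Assumption: the only domain treated as the university's own is the one in tip 2.
CAMPUS_DOMAIN = "csupomona.edu"
# Assumption: display-name words that claim a campus origin.
BRAND_WORDS = ("cal poly pomona", "csupomona", "bronco")

# Matches both "Name <addr>" and the "Name [mailto:addr]" form that forwarded
# messages on this page use. email.utils.parseaddr is avoided because an
# unquoted comma in the name ("Schaffner, Carol B") makes it split the header.
_FROM_RE = re.compile(r"^\s*(?P<name>.*?)\s*(?:<|\[mailto:)(?P<addr>[^>\]\s]+)[>\]]\s*$")


def classify_sender(from_header):
    """Return 'impersonation', 'external' or 'unverified' for a From: value."""
    match = _FROM_RE.match(from_header)
    name, addr = (match["name"], match["addr"]) if match else ("", from_header.strip())
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    on_campus = domain == CAMPUS_DOMAIN or domain.endswith("." + CAMPUS_DOMAIN)
    if on_campus:
        # The From: header is chosen by the sender, so a campus address is
        # never proof of origin; it only fails to raise this particular flag.
        return "unverified"
    if any(word in name.lower() for word in BRAND_WORDS):
        return "impersonation"  # claims the campus, sent from elsewhere
    return "external"


SAMPLES = [
    # The three From: lines quoted in the examples on this page.
    "Cal Poly Pomona - Webmail Services [mailto:malbright@stmartin.edu]",
    "Schaffner, Carol B [mailto:cschaffner@colum.edu]",
    "Chastity Wagner [mailto:chastity_wagner@skc.edu]",
    # Constructed for this example, not taken from real mail.
    "Cal Poly Pomona IT <admin@csupomona.edu.mail.example>",
    "Help Desk <helpdesk@csupomona.edu>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):13}  {header}")
```

Only the first example on this page is flagged as impersonation by its From: line; the other two come back as "external" because their display names make no campus claim, so the remaining signs listed for each example still have to be read by a person.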


To report a security attack directed at your computing resources or to notify us of a compromise of the Cal Poly Pomona network, contact the Incident Response Team at abuse@csupomona.edu or call the Cal Poly Pomona Help Desk at 909.869.6776.

For more information on computer and network security incident protocol, visit Report a Security Incident.

Disclaimer: Cal Poly Pomona does not endorse or recommend any commercial products, processes or services. Cal Poly Pomona’s eHelp website provides links to other Internet sites for informational purposes only. When users select a link to an external website, they are leaving the Cal Poly Pomona website and are subject to the privacy, security and accessibility policies of the owners/sponsors of the external site.



Additional Resources

  • Should you need further assistance, log into Web Help Desk (WHD) and submit a Help Desk ticket to the Cal Poly Pomona Help Desk (you will need to know your BroncoName and BroncoPassword). If you can't log into WHD, use the help request form or stop by the Cal Poly Pomona Help Desk in Building 1, Room 100.

    Help Desk Regular Business Hours:
    • Monday through Thursday: 7:30 AM - 6:00 PM
    • Fridays: 8:00 AM - 5:00 PM
    • Exceptions: National and State Holidays

      Note: Help Desk hours may be modified to 8:00 AM - 5:00 PM, Monday through Friday, when classes are not in session during the winter and spring breaks.

      Help Desk Summer Hours:
    • Monday through Thursday: 7:00 AM - 6:00 PM
    • Fridays: Closed
    • Exceptions: Regular Business Hours during the weeks of June 30, 2014 – July 4, 2014 and July 28, 2014 - August 1, 2014


NOTE: Sensitive user-specific information should NOT be provided via email due to security concerns.



Ask the Poly Techies: Phishing Webisode

Watch the Ask the Poly Techies webisode on phishing!

http://video.csupomona.edu/iit/askthepolytechies2-655.asx



Did you know?

Targeted Phishing:

Spear phishing, a targeted version of phishing, targets bank and online payment service customers. While the first such examples were sent indiscriminately, phishers may now be able to determine which banks potential victims use, and target those people with bogus emails accordingly.

Whaling is a phishing attack directed specifically at senior executives and other high profile targets within businesses.

For other tech terms, visit the eHelp Glossary of Terms.
