What is Phishing?
Phishing is a type of scam where attackers try to trick you into providing sensitive information such as passwords, personal data, or financial information through email, text message or phone.
These messages are designed to look like they come from trusted sources, such as your university, instructors, campus services, or well-known companies like banks or retailers. They often use official logos, familiar language, and realistic formatting to appear legitimate.
Their goal is to get you to click a link, open an attachment, or sign in to a fake website. Once you do, the attacker can capture your information and use it without your knowledge.
Common Signs of a Phishing Email
- Requests for personal or account information the sender should already have access to.
- Urgent or threatening language (e.g., “act now or lose access”)
- Unexpected or suspicious links or attachments (e.g., “financial statements” you normally access by logging in)
- Sender email addresses that don’t match official domains (e.g., president@gmail.com vs. president@csumb.com)
- Requests to log in through a link in the email rather than the official site
- Websites or email addresses that are similar but don’t match the domain exactly (e.g., president@csumb.imascammer.com)
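The domain-matching signs above can be checked mechanically. The following is an added example, not part of the original page or any campus tooling: it compares a flawed "contains the name" check with an exact match on the domain after the @, and also covers a misleading display name. The function names, the rule that subdomains of csumb.edu count as official, and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Official domain taken from the page; treating its subdomains as official is an assumption.
OFFICIAL_DOMAINS = {"csumb.edu"}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or None."""
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return None
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    return domain or None

def is_official_sender(from_header):
    """True only when the domain is an official one or a subdomain of it."""
    domain = sender_domain(from_header)
    if domain is None:
        return False
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def naive_check(from_header):
    """Flawed check shown for contrast: looks for the name anywhere in the header."""
    return "csumb" in from_header.lower()

# Constructed sample From headers (addresses on the page plus invented ones).
SAMPLES = [
    "president@csumb.edu",
    "CSUMB President <president@gmail.com>",
    "president@csumb.imascammer.com",
    '"president@csumb.edu" <notice@mail.example>',
    "helpdesk@notcsumb.edu",
]

def compare(samples=SAMPLES):
    """Return (header, naive_result, strict_result) for each sample."""
    return [(s, naive_check(s), is_official_sender(s)) for s in samples]

if __name__ == "__main__":
    for header, naive, strict in compare():
        print(f"{header!r:50} naive={naive!s:5} official={strict}")
```

A From header can be forged, so a matching domain is one signal among the others listed here and not proof that a message is legitimate.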
When Phishing Uses Real Information
Some phishing emails may include real information such as your name, courses, instructors, or past messages. Attackers may use public information or information gathered illegally from security breaches to make messages look more realistic and trustworthy.
How to Verify a Message
Do not click links in emails. Instead:
- Go directly to official websites (e.g., log into your campus accounts or your bank through official apps or websites only)
- Contact the sender through a known, trusted method (e.g., phone number on the back of the card, an official CSUMB department phone number or email address)
- Check official sources such as the CSUMB or CSU websites/pages for confirmation
How to Recognize Legitimate CSUMB Messages
Official CSUMB messages will:
- Come from a @csumb.edu email address or a trusted university service
- Contain information rather than urgent or threatening demands
- Never ask for your password or login via email
- Direct you to official university websites or resources
If you’re unsure about an email, text, or phone call, play it safe by contacting the Help Desk at 831-582-4357, submitting a case, or emailing phishing@csumb.edu and we can help you determine the validity.
What To Do If You Receive a Phishing Email
- Do not click links or open attachments
- Do not reply to the message
- Report the email as phishing
- Delete the email after reporting
How to Report Phishing
Open your CSUMB email in the web browser of your choice:
- Open the email
- Click the three dots (More options)
- Select “Report as phishing”
I Clicked On A Link in a Phishing Email, Now What?
- Report the email as phishing (see above)
- Disconnect your device if you downloaded something related to the phishing account such as a pdf of a statement or bill
- Change your passwords
- Keep a clear record of everything for recovery and support
- Monitor your accounts for unusual activity such as unexpected password resets, login alerts, or unfamiliar transactions and report them right away.
- Forward suspect campus messages to CSUMB’s Information Security at phishing@csumb.edu
Key Takeaway
If you are unsure about an email, text or phone call, err on the side of caution and contact the help desk by phone (831-582-4357) or email phishing@csumb.edu for assistance in determining its validity.