Some members of our campus were recently targeted by a sophisticated email attack. This email claimed to come from an SJSU employee, asking the recipient to open certain attachments and refund purchases.
This type of attack, called “spear phishing,” was an attempt by criminals to gain access to SJSU accounts. Phishing attacks have always been and continue to remain especially prevalent in higher education because of our inherent transparency. Spear phishing attacks take this tactic one step further, targeting specific individuals using specific scenarios that look and feel much more plausible. For example, attackers may claim to be the CEO or other executives attempting to trick Finance employees into sending money, even attaching fake invoices with seemingly-official logos and letterhead. Sometimes these spear phishing attempts happen via text, such as the infamous Gift Card Scam.
Here’s a tip to level up your account security: use Google’s applications, such as Gmail and Chrome, when accessing your @sjsu.edu account on mobile. It’s the best way to get the most out of Google’s security features associated with your SJSU account.
As a rule, SJSU IT will never ask you for your login information via email. SJSU IT will also never ask for you to “pivot” from email to SMS (text). If an email or text message contains content you find questionable or references information you are unaware of, it’s a good idea to contact the sender yourself and verify the situation. Take a moment to call them on the phone.
Visit our website for more information on How to Spot a Phishing Attempt or to sign up for our ongoing phishing education program. You can also visit Google’s site to see how reporting phishing emails in Gmail helps prevent future attempts. If you believe your account may have been compromised, please email email@example.com immediately.
Thank you to our Information Security Team for providing this tip and always working to keep our university protected. As always, the SJSU IT Service Desk is here to help by phone at (408) 924-1530 or online.
Vice President for Information Technology
and CIO at San José State University