<div dir="ltr"><div>Hi All,</div><div><br></div><div><p style="box-sizing:border-box;padding:0px;margin:0px 0px 10px;color:rgb(118,118,118);line-height:1.8;font-family:"Open Sans",Arial,Helvetica,sans-serif;font-size:13px"><span style="color:rgb(0,0,0)">Please be extra cautious when opening emails from people you know, both in and outside your organization. </span><br></p><p style="box-sizing:border-box;padding:0px;margin:0px 0px 10px;line-height:1.8;font-family:"Open Sans",Arial,Helvetica,sans-serif;font-size:13px"><font color="#000000">I wanted to share some common phishing attacks we have seen:</font></p><ul style="box-sizing:border-box;padding:0px 0px 0px 20px;margin:0px 0px 10px;font-family:"Open Sans",Arial,Helvetica,sans-serif;font-size:13px"><li class="gmail-firstItem" style="box-sizing:border-box;padding:0px;margin:0px;list-style:inherit"><font color="#000000">Hackers have been sending spoof emails from email addresses that you may know, asking you to view a PDF attachment. They ask you to click and login with your email credentials to open the PDF. After entering your credentials, you do not see the PDF, but the hacker has now received your credentials and will try to send more phishing emails to your contacts to retrieve their credentials too.</font></li><li style="box-sizing:border-box;padding:0px;margin:0px;list-style:inherit"><font color="#000000">Hackers send an email claiming to be from someone within your organization, but have a different email domain that may be slightly different from your own. They will converse with you pretending to be someone else and encourage you to send payment or give details that allow them to steal from you.</font></li><li class="gmail-lastItem" style="box-sizing:border-box;padding:0px;margin:0px;list-style:inherit"><font color="#000000">Hackers have also sent emails from someone within your contact list asking you to download various attachments or to click on a link. ALWAYS hover over the link to see its origin, and ALWAYS call the person if the email seems suspicious. <span style="box-sizing:border-box;padding:0px;margin:0px;font-weight:700">Email monitoring software can’t detect if an email is a scam or phishing email if the hacker is using the person’s actual credentials to login.</span></font></li></ul></div><div><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><b><span style="font-family:Arial,sans-serif">Please submit the suspicious message to </span><u><span style="font-family:Arial,sans-serif;color:rgb(17,85,204)"><a href="mailto:fraud@sdsu.edu" target="_blank"><span class="gmail-il">fraud@sdsu.edu</span></a></span></u></b><span style="font-family:Arial,sans-serif">. This will help the security team determine the source and how to better deal with these messages. <u>You need to also report this message to </u></span><span style="font-family:Arial,sans-serif"><u>Google</u>.</span></p></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><b><span style="font-family:Arial,sans-serif">Here are the instructions to report the suspicious email to Gmail as phishing:</span></b><span style="font-family:Arial,sans-serif"></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><u><span style="font-family:Arial,sans-serif;color:rgb(17,85,204)"><a href="https://support.google.com/mail/answer/8253?hl=en" target="_blank">https://support.google.com/mail/answer/8253?hl=en</a></span></u><span style="font-family:Arial,sans-serif"></span></p></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div><img src="cid:ii_jtehnqvc0" alt="image.png" width="405" height="562" class="gmail-CToWUd gmail-a6T" tabindex="0" style="cursor: pointer; outline: 0px;"><br></div><div><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Arial,sans-serif">With the <u>suspicious email open</u>, click on the vertical three dots </span><span id="gmail-m_-2271801098659771710gmail-_x0000_t75"></span><span id="gmail-m_-2271801098659771710gmail-Picture_x0020_2" type="#_x0000_t75" style="width:17.25pt;height:21pt"></span><span style="font-family:Arial,sans-serif"> (number <b>1</b> on the image above) and then click on the <b>Report phishing</b> option (number <b>2 </b>on the image above).</span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Arial,sans-serif"> </span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Arial,sans-serif">Google will block this scammer/sender and no more messages will be delivered to SDSU.</span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-family:Calibri,sans-serif"> </p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-family:Calibri,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif"> </span><br></p></div></div><div><font color="#000000"><br></font></div><div><img src="cid:ii_jtkrt9r00" alt="image.png" width="542" height="381"><br></div><div><br></div><div><br></div><div><span style="color:rgb(0,0,0);font-size:13px;font-family:"Open Sans",Arial,Helvetica,sans-serif">It’s best to always call the person if you are questioning the emails credibility.</span></div><div><br></div><div>--william <br></div><div><br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>William Nguyen<br></div><div>Operating Systems Analyst </div><div>College of Engineering, ENG-301A</div><div><span style="font-size:12.8px">San Diego State University</span></div><div><span style="font-size:12.8px">5500 Campanile Drive</span></div><div><span style="font-size:12.8px">San Diego, CA 92182-1326</span></div><div>Tel:  619-594-1166<br></div><div>Fax:  619-594-6005</div><div>E-mail:  <a href="mailto:wnguyen@sdsu.edu" target="_blank">wnguyen@sdsu.edu</a></div></div></div></div></div></div></div>