For the past several weeks, there have been reports of various scam emails ending up in the Cal State LA inboxes of not only university students but campus faculty as well. 

These fraudulent emails try to scam readers out of their personal information, an act that’s known as “phishing.”

Phishing is when someone sends fake or deceptive messages in order to trick the target into sharing their personal information or access to their accounts, according to ITS security officer Edward Ho. From there, these scammers either use that information as blackmail, sell it to buyers interested in other people’s personal data, or even exploit security breaches within a network to target others. More often than not, phishers pretend to be someone or a group that the target person knows or trusts.

The scam emails that have been circulating around Cal State LA accounts promise their readers monetary rewards or job offers and giveaways, urging them to click on a provided link. Upon clicking on these links, the victims would either input sensitive information or malware would install itself into their systems. The cycle would then repeat itself, with the attackers behind these emails sending more emails under the compromised email addresses of other students. 

One first year student said she received one of these emails but didn’t fall for it.

“I was at the moment searching for a job, so it seemed really intriguing for me,” Yaritza Robledo said. “I screenshotted it and sent it to my mom and she said to see what it was about, and I replied to them and they emailed back with a google link in which it said to input basic information like name, age, and email. I quickly noticed weird wording so I never filled anything out.”

Such emails might read like this:

“I am a staff member here at the institution. A professor of Medicine shared a link for an interested student who might be interested in a PAID PART-TIME POSITION JOB to make up $450 (USD) weekly. Follow the link below for more info regarding the position.”

Or this:

“Greetings, You have a message from the HR Department. File can be Accessed through Using an External Institution Email Only.”

The Instagram account “csulatruth” initially shared reports of these email scams on their page several weeks ago. The post details the many similarly written email scams that students have received. Some of the students featured in the story posts are disappointed with their interactions with ITS. They reported that their calls for help were met with monotone responses and that they were uncaring and rude. Since then, there have been more and more students who have received these emails, according to Ho.

“There are a couple of symptoms of fraudulent emails,” Ho said. “If the email is sent from someone I don’t know, if it’s something that’s too good to be true and if it’s not relevant to us. If they don’t address you personally, if they have some kind of grammar errors in the email, if they ask you to press a button without explanation and urge you to act quickly and add your username and password… Those are signs of a fraudulent email.”

On the ITS webpage, there is a page dedicated to identifying phishing attempts as well as examples of what a scam email looks like. Telephone support is available 24/7 and students can also book an in-person appointment. 

Robledo didn’t know how to report her scam email to ITS at first. After she started 

receiving more scam emails, she got annoyed. She made it a point to tell ITS about them and noticed how easy it was to make that report.

“I think it’s annoying and weird how they can access university students’ emails,” Robledo said.

Out of the million emails sent every day, ITS gets sent about a couple thousand requests for assistance daily, according to Ho. He explained that Microsoft intercepts these emails to the best of its capability, and ITS has set rules that intercept most scam emails before they reach students. Since these hackers change their email addresses often, not every email scam gets caught. He also said that the most recent email scams received by students are nothing new at all, merely just another wave of incidents that ITS handles every year. 

Fortunately, the fight to keep online activities secure is rarely done alone. ITS counts on students and faculty to report any phishing attempts, fraudulent emails and security breaches in their networks. Everyone can do their part to stop the spread of these email scams.

“The best defense really starts from the individual,” Ho said. “I’m very cautious about what kind of emails I get.”

Ho stressed the significance of digital security in today’s modern world. If a person’s account ends up compromised, it’s not just the one account that the scammers have access to but also to the person’s friends, peers, co-workers and contacts who all use the university email. Ho said that is why it’s important that people go to ITS as soon as possible to get the account reinstated.