Fresno State is joining colleges and universities nationwide to celebrate Cybersecurity Awareness Month in October. This week, we’re focusing on recognizing and reporting phishing and social engineering attempts.

Phishing: What to Look For

• Unexpected messages about account problems, invoices, payroll, or gift cards — especially with urgency or threats.
• Sender display name that looks familiar, but the email address is off by a character or uses a strange domain.
• Links that don’t match the text (hover to preview the real destination before clicking).
• Requests for passwords, MFA codes, or sensitive data — legitimate services do not ask for these by email.
• Unexpected attachments (e.g., .html, .iso, .exe) or prompts to “enable macros.”
• Multiple Duo prompts you didn’t initiate (MFA "push fatigue").

Social Engineering Tactics to Watch

• Pretexting: attacker invents a believable scenario (e.g., “IT support” requesting your login).
• Baiting: “free” downloads or USB drives that deliver malware.
• Vishing/Smishing: phone calls or texts pretending to be campus services or vendor

How to Verify Safely (Before You Click)

• Pause and inspect: check the full sender address and hover over links.
• Use known channels: contact the person or department using a phone number or address you trust — don’t reply to the suspicious message.
• When in doubt, report it first, and Technology Services will check it for you.

How to Report at Fresno State

• Forward suspicious emails to reportphishing@csufresno.edu.

If You Clicked or Responded

• Immediately change your Fresno State password and review recent Duo approvals.
• Notify Technology Services immediately so we can help secure your account and device.

Coming Next Week
Passwords and Multi-Factor Authentication (MFA) — Stronger logins, fewer compromises.

Thank you for helping keep our campus secure.