This is a phishing attempt first reported to CSULB ITS on September 2, 2017. Repeat reports received on September 9, 2017.
From: Deborah Sanchez
Sent: Saturday, September 2, 2017 6:50 AM
Subject: September Payroll Information
The fraudulent email is very vague and informs recipients that they have 1 new notification regarding payroll. The link appears to be a legitimate web address; however, it leads the user to a page that appears to be the CSULB Outlook Web App (OWA) login page. This phishing email comes from an actual CSULB account which has been compromised by phishers/hackers and is being used to broadly email the campus. The compromised account issue is being addressed.
Intent of the Email
The sender is attempting to capture email account credentials for their own malicious purposes or to install malware. The link appears to go to a foreign website.
Figure 1: Screenshot of the phishing email
The landing page leads the user to a fake OWA page that is hosted on an international webpage and not mail.csulb.edu.
Figure 2: Fradulent OWA page
View all Phishing Reports: