Dealing with Phishing Attempts

What is Phishing?

SJSU is a regular target of phishing schemes—emailed attempts to trick employees and students into revealing usernames and passwords to unknown third parties. These email messages may be simple and primitive, or they may be skilled forgeries based on real email notifications.


Reporting Phishing Scams


Phishing Education Resources

Videos on Phishing

Videos of the Week (Vol. 10): Phishing Trips (Harvard)


Identity Theft Prevention: How to Prevent Phishing Scams


How do you recognize a phishing scheme?

  • Phishing schemes ask for confidential personal data—like your password—in email.
  • Phishing schemes often threaten immediate penalties for not following their instructions.
  • Phishing schemes often ask you to reply to an address that isn't associated with SJSU or the agency the message claims to be from.
  • Phishing schemes often supply a web link that appears to be an SJSU link, but connects to a different website when it opens in your browser.


What doesn't SJSU (and other legitimate agencies) do via email and the web?

  • SJSU does not send automated messages asking for your username and password. Internet mail distribution is not secure enough to be trusted for this purpose.
  • SJSU does not request passwords using unsecured web pages or non-university web pages. All web password requests should be at an address that starts with https:// (note the letter 's') and that includes sjsu.edu/ in the server name. Please check the URL address line in your browser for mismatches or fraudulent typos when you open a web page.
  • SJSU does not send automated system warning messages that require immediate response to avoid immediate penalties. SJSU automated system warnings ideally provide a reasonable time in which to respond, and will tell you how many days or weeks in which you have to respond.
  • SJSU does not implement automatic notification tools without informing the help desks and desktop support technicians.