This site requires JavaScript to be enabled

Information Resources and Technology


Reporting email phishing attempts and scams

This article provides instructions on what to do if you're received or have been the victim of an email phishing attempt.

No reputable institution will ask you to submit your login, password, or credit card information through email or a link in email. Clicking on the links in the message may lead to deceptive websites designed to look like a legitimate site, or may link to websites that infect your computer with viruses and other malicious software. Delete suspicious messages immediately. Do not click on any links in the message. Do not open any attachments, as they may contain viruses or other malware.

Phishing Awareness

Work with the Information Security Office to combat identity theft! Got suspicious email? Provide a copy for analysis, and we can take action to block them or shut them down. If the message originates from University resources, or the sender appears to be someone at Sac State, the Information Security Office needs to know about it. Please send the message, with full headers, to

Instructions for viewing/sending header information are available in the "How to Report..." section. Although a message can be forged to make it falsely appear that the message originated at SacState, we can examine the message to verify its source. The part of an email that you don't see, the email headers, are the electronic equivalent of an envelope and contain clues about the origins of an email. Normally, when you forward an email, only the text is sent. By forwarding the original email as an attachment, we can examine it to determine where it came from.

How to report if you have neen a victim of a phishing scam

Forward spam that is phishing for information to The Information Security Office will analyze the phishing attempt and take appropriate action. To properly submit a phishing attempt please include the email headers.

  1. Open a new email and drag the suspicious email from your inbox into the body of the new email.
  2. Then address it to and send.
  3. If you feel you have become a victim of a phishing attack, please contact the IRT Service Desk:
    • 916-278-7337

Information Security - KB0010545 by Matthew Mills | Published:2014-07-22 | Updated:2018-04-12 17:12:01 | Views::292

Version 1.4.2 (release notes)