Columbus State University Print Logo

Office of Information Security

Office of Information Security

Security Alerts

If you see spam/phishing in your inbox:

  • Select the message you'd like to report.

  • Click the spam button dot Report spam icon in the toolbar above your message list.

  • (If you have the message open, you can also report it as spam by using the same button.)

To know more about how a spam email looks, how to identify and prevent them please refer to our spam email page.


Malicious Email Alert: Subject Line "Request"

Incident Report for USG Services

New Incident Status: Identified
USG Cybersecurity received multiple reports of a suspicious email message sent to USO employees. This message has the subject line, "Request" and may appear to be from the Chancellor. The body of the message contains the following text:

"From: Steve Wrigley >
Sent: Monday, September 24, 2018 3:27 PM
Subject: Request

I'll need you to run a task ASAP,let me know if you're unoccupied.i can't talk now but will lookout for your reply.

Steve Wrigley

Sent from a Mobile Device"

These email messages are not legitimate. Please do not open any attachments or click on any embedded link. They could be used to compromise your account credentials and allow intruders access to confidential information. If you receive a message having these characteristics, please delete the message.





Active Phishing Campaign Targeting Student Email Accounts

Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential
fraud associated with student refunds and aid distributions.

Multiple institutions of higher education (IHEs) have reported that attackers are using a phishing email
to obtain access to student accounts via the IHE student portal. The nature of the requests indicates the
attackers have done some level of research and understand the schools' use of student portals and methods.
These attacks are successful due to student compliance in providing requested information and the use of
just one factor for authentication.

Please view Federal Student Aid's detailed evaluation of the phishing campaign


COBALT DICKENS Targets Universities

SecureWorks has identified an Iranian Threat Group that
is likely responsible for large-scale campaign targeted at
Collecting University credentials!

The Office of Information security has recently been notified about the threat group COBALT DICKENS
SecureWorks has put out a helpful Blog post to help identify spoofing attempts generated by this threat group!






Infosec has been alerted to a potential Spam email.

The Email is not spam, please disregard the email and do not follow the links. 

Non-Spam Email



USG Spam Email

The USG Cybersecurity team has received reports of a a suspicious email being sent.

This message has the subject line, "***IMPORTANT UPDATE*** PLEASE READ- University System of Georgia 2018/19
Employees strategic plan for the year from Dr. Steve Wrigley" and may appear to be from someone you know

This message is not legitimate. Do not open emails with this subject line and do not click on the embedded link.

This email potentially can compromise your account. If you recieve an email having these characteristics delete the email.


Spam attack using old passwords has recently surfaced.

The email is not a legitimate threat and is only a scare tactic to get you to supply the given bitcoin address with bitcoin.

The better Business Bureau encountered a similar scam back in September 2017

CSU and BBB advise you not to open or interact with emails like this one.



On June 15th 2018, 

Oregon became the victim of a successful phishing attempt which caused their government domain to be listed as spam preventing emails from being sent out.  

A brief breakdown of the events:

  • One Oregon state employee became victim of a successful phish last Friday.
  • The user's computer was hijacked to subsequently send 8M+ spam emails over the weekend.
  • Email services like Outlook, MSN and others detected the spam and downgraded the sender reputation of OREGON.GOV, effectively blacklisting mail originating from the state domain.
  • Oregon IT services learned of the issue Monday morning when tickets started trickling in to their service desk suggesting email trouble.
  • Reputation remediation was still underway as of yesterday.

The Office of Information Security would like to remind you when dealing with a suspicious email to:

  • Be suspicious of emails that request sensitive information
  • if you are suspicious always verify with the sender about the email
  • never open attachments from suspicious emails
  • Delete email and text messages that ask you to confirm or provide personal information. Legitimate companies don't ask for this information via email or text.
  • Don't reply, and don't click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites.

For more information, watch this video on Phishing which provides guidelines on how to protect employees and the computer assets we rely on every day.
Refernce: OregonDAS


Several schools have received a phishing email addressed from their presidents and the list seems to be growing.

Central Methodist University
Columbia College in Missouri
Champlain College
Walla Walla Community College
Waldorf University
Middlebury College
Texas A&M University San Antonio

The school has already taken preventive measures to block this email. 

If you happen to receive or have received an email matching this information please follow the steps on reporting as spam/phishing to help protect.

EDUCAUSE Listserv alert:
Earlier today most of our employees received a phishing email that appeared to be from our president. After some research we found that were able view the site structure where the link directed users.

Malicious Email:

From: (name)
Contains In Body of Email:<(yourschool)>/index.php<(yourschoolhttps)>/index.php

IP address of web site:

Steps For Reporting Spam/Phishing
1. Select the message you'd like to report.
2. Click the spam button dot Report spam icon in the toolbar above your message list.
3. Delete email




The USG as issued an alert concerning a suspicious email received by USO employees.

The message with the subject line New Job Offer and sent by Bent Maxwell
contains no content except for a attachment named EDUCATIONAL DOCUMENT.rtf
The email is not

Do not open any attachments or click on any embedded link. This could compromise your account.

If you have received a message that matches this description please delete it.


Users at EGSC received a phishing email this morning ( 8:22am 2/12/18) that was addressed from the President of EGSC, via an Earthlink account. We were able to determine that other schools in the USG were sent similar emails. Both appear to be from the office of the President at the respective school. 

Clicking the link in the below image would lead to a fake login page which would capture the information. We ask  everyone to please review their email and be vigilant 






On 11/27/17 UITS was alerted to a Phishing page mimicking our OneCSU login page

In the image below the highlighted URL is not linked to CSU
Phishing site

UITS asks students, faculty, and staff when connecting to MyCSU
to make sure the page is secure by checking for a secure URL

Secure Site

Always make sure your page is secure when visiting CSU websites. This ensures that you're in the right place and your information is safe


There has been a "Phishing" attempt directly targeting Columbus State University email accounts. Please delete this email and notify UITS if you have clicked the link in the email. Below is a image of the Email:

From: IT Desk <>
Date: Tue, Nov 21, 2017 at 9:09 AM
Subject: New Courses


Here is a link to course registration need to register today.

Sign up today in Eduphoria.

Cindy Glenn

Instructional Technology Specialist

North East Independent School District

Twitter: @ibceendy


spam alert

There has been a "Spear Phishing" attempt directly targeting Columbus State University Employee's Please delete this email and notify UITS if you have clicked the link in the email. Below is a image of the Phishing Email