ֱ

Skip to main content

Email Phishing Scams

There has recently been a large number of phishing attempts targeting South ֱ State University students, faculty, and staff. While the Office of Information Technology is doing all we can to prevent these attacks, each individual must be aware of the danger and take appropriate steps to ensure you don’t fall victim to malicious activity.

Has your account been compromised?

How do I know?

  • Not able to send or receive emails from SDSU.
  • Not able to send or receive emails from outside SDSU.
  • Receiving spam emails.
  • Sending spam emails.
  • Receiving bounce backs from emails you did not send.

How do I fix it?

Change your password to something completely new. Visit to change your password. Remove the forwarding address.

This is not always present, but a common side effect of a compromised account. Not sure how? Check out the page or contact them directly for assistance.

Now what do I do?

  • Contact the support desk. sdsu.supportdesk@sdstate.edu or 605-688-6776.

    This will prompt the Support Desk to remove you from any blocked lists on campus.

  • Wait. When your account gets compromised, you will be added to a blacklist. This means that your account has been flagged as sending spam emails. You will not be able to send or receive emails until that flag has been cleared. After 24 hours of your account no longer spending spam, your account should be enabled again. (This could take longer depending on who has blocked you.)

Email phishing scams can come in many forms, but typically try to convince you of an immediate problem, such as an expired password or needing to verify account information. They often appear to have been sent by a legitimate person such as a SDSU student of staff member.

If you have received any email and are still unsure of its authenticity after reviewing this information, you can forward the email to our Information Security Team. You may also visit or and find a list of known spam and legitimate emails.


Points to Remember:

  • The SDSU Support Desk will never ask for account information (username and password) in an email.
  • Always check the link in the email. Spam emails often link to a subdomain of a non-SDSU website, such as weebly.com.
  • DO NOT open any email attachments in suspicious emails. Spam emails may also include the text with the warning and link in an attachment to bypass any security filters searching email bodies.
  • Never follow any link in a suspicious email or an email coming from an unknown source. Always open a web browser and go directly to the website.