Phishing and St. Cloud State University

Phishing is a particularly dangerous and prevalent form of spam. Phishing is online criminal activity involving fraudulent e-mail messages sent in an attempt to obtain your online account information such as credit card and banking information. Once phishers have your account information, they might use it to steal your identity or make purchases on your account.

Internet Guardian

More information regarding Internet Guardian, including FAQs, is available on the Minnesota State SharePoint site.

Login instructions:

Internet Guardian is a security service implemented system-wide for all Minnesota State institutions. This service will help protect the St. Cloud State campus community from various internet threats, including phishing attempts and accidental downloads of malicious software like malware.

The service will mostly be invisible to the campus community except for those times that a user clicks on a malicious link or visits a web page identified as containing malicious software. If this happens, you will be alerted by a browser screen that informs you why your access to a site was blocked.

If you feel the site was blocked in error, the system will allow you to report the issue to the MinnState Help Desk. If you you have a legitimate need to access a blocked site, please contact Phil Thorson, Deputy CIO, and we will work with the Minnesota State System Office to provide solutions that can reach these “bad” destinations without endangering the rest of the campus network.

The service will not protect against all security threats so we are asking users to forward all suspected phishing emails to and continue to practice safe computing habits.

Recognizing Phishing

Phishing e-mails typically purport to be from a financial institution such as a bank, credit card company or online payment service. They typically feature authentic-looking logos that appear to originate from organizations such as eBay, PayPal, Bank of America, Wells Fargo, TCF Bank, etc.

Phishing e-mails are usually written under the guise of "protecting" you by asking for "confirmation" or "verification" of personal and/or account information.

Providing that information could subject your account to unauthorized access. As the Federal Trade Commission points out, legitimate businesses don't ask for personal or financial information via e-mail.

Protecting Yourself From Phishing

  • Never respond to e-mails that request your personal/account information.
  • If the e-mail appears to have been sent from an organization you are affiliated with and you want to look into it further, check for information on that organization's official Web site.
    Important: Check the legitimacy of the Web site listed in the phishing e-mail by typing the address directly into your browser, or call the organization directly. Do NOT click on links in the suspect e-mail.
  • Do not call a phone number listed in an e-mail you suspect is phishing. Look up that organization's actual phone number in the phone book or from your official documents.
  • Delete e-mails that ask for account or financial information.

Phishing Feeds on Fear

Why do people get hooked by one of these phishing expeditions? Something called social engineering plays a big role. Consider these scenarios:

You hear multiple news reports of identity theft, and as a result you are on the alert for anything indicating your own personal information might be at risk of being stolen.

With this heightened level of awareness about the need to protect your personal information, you might more easily fall prey to an e-mail that appears to come from a financial institution you have done business with, especially when the message is asking for "verification" to protect you from the very fraud it is committing.

Combine this with a sense of urgency the message reflects in wording such as "...your account with us will be terminated if you don't respond within 24 hours," and it's easy to see why people get hooked. SCSU doesn’t want you to be one of them.