Phishing scams are becoming more common — and more convincing. As part of our ongoing commitment to keep the CalArts community safe online, here’s how to identify suspicious emails, what to do when you get one, and where to report it.
What is Phishing?
Phishing is a type of cyberattack where someone pretends to be a trusted contact — like a CalArts department or staff member — to trick you into sharing sensitive info like login credentials, alternate emails, or personal details.
These attacks are most often carried out via email, but can also happen through phone or text.
Be Aware: Sometimes It Does Come From a CalArts Email
In rare cases, a legitimate @calarts.edu email account may become compromised and used to send phishing messages to large groups. These messages might look real — because they are coming from someone inside the Institute.
That’s why it’s critical to look at the entire message, not just the sender.
Red Flags to Watch For
📬 Mismatch Between the Sender and Reply Instructions
The email says it’s from someone at CalArts, but asks you to reply to a different email address (often a Gmail or Outlook account) or text a personal phone number.
🚨 Urgent or enticing language
Things like “Limited spots available,” “Immediate action required,” or “Remote paid opportunity.”
📎 Attachments or links
Especially if you’re not expecting them or they urge you to open something quickly.
🧾 Requests for personal info
Including your phone number, alternate email, or verification of identity via unofficial channels.
Recent Example
A phishing email recently went around with the subject line:
GRADUATE/UNDERGRADUATE RESEARCH ASSISTANT
It claimed to offer a paid internship opportunity and asked students and alumni to respond with personal information — not to a CalArts email, but to a Gmail account.
What To Do If You Receive a Suspicious Email
1. Don’t click, reply, or download anything.
2. Forward the message to CalArts IT at: cait@calarts.edu
3. Delete the message from your inbox.
4. If you already responded, change your CalArts SSO and personal passwords immediately and contact CAIT for follow-up.
Best Practices to Protect Yourself
• Only trust opportunities sent from verified @calarts.edu senders, and still read closely for any reply-to mismatches.
• Be cautious about job offers, surveys, or stipend claims that ask for quick replies or alternate contact info.
• Don’t provide personal information unless you’re sure it’s a trusted contact.
• Turn on Multi-Factor Authentication (MFA) for all your accounts.
• Bookmark and use official CalArts resources for job listings, surveys, and research opportunities.
Comments
Please sign in to leave a comment.