IT has received several questions recently about the increase in email-based phishing attacks. In particular, “Why aren’t these messages marked as spam and automatically removed?”

Phishing Defined

"Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication." (Source: Wikipedia)

Here's a helpful news article about phishing over Gmail and what a bogus email looks like.

How Phishing Scams Work

Many Biola email accounts have been compromised by phishing emails. These email messages attempt to steal NetID passwords by tricking you into clicking a link that redirects to a fake login page. Once you’ve signed in, they have your credentials, which they use to steal additional information or send more phishing emails from your account.First, it’s important to understand how phishing attacks at Biola have been successful:

There are two main reasons these attacks are so difficult to stop:

1) They differ from “spam.” These messages come from legitimate email accounts that were compromised when a Biola community member was fooled into submitting their username and password. Phishing can’t be detected and flagged automatically using standard tools because, unlike traditional spam, which is easily identified by where it originates, or by the bogus accounts used to send it, phishing email comes from valid addresses.

2) Biola students and alumni tend to be most vulnerable to these schemes because they have the most accounts (tens of thousands) in our Google Apps domain; therefore, even if a small fraction of users fall for the scam, this can have a big impact on the broader community.

What can I do to protect myself?

1) Enable 2-step verification on your Biola Gmail account

This adds an additional layer of security to your Gmail account to make it more difficult for users to gain access to your account. We also recommend that you do this for any other personal accounts you have.

2) Update the password recovery email address we have on file for you at

Your password recovery email address is where we'll send a password reset link if needed for any reason.

3) Consider these essential security reminders:

  • Biola (or Google) will never close your account suddenly. Thieves love to prey on fear and uncertainty to get you to make a hasty decision.
  • Pause and think before you click. If you get a message and aren’t sure if it’s legitimate, delete it, or give the Helpdesk a call at x4740 (562-903-4740).
  • Be very skeptical of links in emails or attachments that take you to anything with a login screen. It’s better to type the address manually into your browser than to click. The following links take you to different websites; can you spot the fake without visiting the site?
  • IT will never ask you for credentials or other sensitive information via email, text, or telephone.

If you have questions or need any assistance, don’t hesitate to contact our IT Helpdesk at (562) 903-4740. We’re here to help!

What should I do if I receive a phishing email?

When you receive a suspicious email, please forward it to

Forwarding these attacks to IT allows us to analyze these messages so that we can improve our ability to identify and respond to them proactively before they reach your inbox.

What should I do if my account has been compromised?

If you clicked on the link from a phishing email, and submitted your NetID credentials, please navigate immediately to and do the following:

  1. Reset your NetID password.
  2. Confirm that the personal email address listed is yours – if not please remove it.
  3. Notify the IT Helpdesk immediately. This may allow them to secure the account before malicious actors can use it.

If you clicked on the link but did not submit your NetID credentials, no further action is needed. Simply delete the email.

If you need help, contact the IT Helpdesk (lower Metzger Hall, east wing) at 562-903-4740 or