Hello Chapman community, this is your CISO with a brief reminder on how to identify and prevent phishing and scams.

Phishing tactics appear in both Chapman and personal accounts, including email, banking, and shopping. The following habits will help protect your work and personal information.

Apply the STOP Method: A Quick Guide for the Chapman Community

It’s 8:12 a.m., and you’re scanning email before your first meeting when a message lands with the subject line: “Action Required: Payroll Update Needed Today”. It looks polished, references the university, and warns that your direct deposit could be delayed unless you “confirm” your information. There’s a prominent button labeled “Update Now.” The timing is perfect, because scammers love busy inboxes.

Stay cautious. You look past the formatting and focus on the ask: verify personal details, sign in, and share information tied to your pay. The sender address is close but not quite right, and the message leans hard on urgency. That combination—money + pressure—is your cue to treat it as suspicious.

Take your time. Between back-to-back meetings, grading, and deadlines, it’s tempting to click to clear it off your plate. But you pause. If it’s legitimate, it will remain legitimate after you verify it through the proper channel. If it’s a scam, those extra seconds can prevent a bad sign-in or a costly change.

Only trust verified sources. Instead of using the link in the email, you go directly to the university site or portal you already use (by typing it in or using a saved bookmark). If you need confirmation, you contact Payroll/HR or IS&T using phone numbers and webpages from the official directory; NEVER use the contact info provided in the message. Contact infosec@chapman.edu or call the Service Desk.

Protect your info. When it asks for a one-time code “to confirm your identity” (or to approve a payment, invoice, or vendor update), you stop immediately. No legitimate support team should ask for your MFA code. You close the message, report it, and keep university systems and your personal data protected.

Bottom line: If a message urges immediate action regarding payroll, passwords, invoices, or account access, use STOP: Stay cautious, Take your time, Only trust verified sources, and Protect your information. These four steps help you respond safely to urgent emails.

Remain alert to protect your data. Chapman University is committed to safeguarding your information, but preventing scams requires everyone’s vigilance. If you are unsure about a message, contact us at infosec@chapman.edu for support.


Stay safe, stay vigilant!
Keith Barros
Chief Information Security Officer (CISO)