- Discover CSUB
- Admissions & Aid
- Student Life
- ASI (Student Government)
- Antelope Valley Campus
- Campus Dining
- Campus Programming
- Career Education & Community Engagement (CECE)
- Children's Center
- Counseling Center
- Health, Safety And Wellness
- Housing & Residence Life
- Services for Students with Disabilities
- Student Financial Services
- Student Organizations
- Student Recreation Center
- Student Rights & Responsibilities
- Student Union
- Vice President for Student Affairs
- News & Information
LRN-120000 Malicious OneClass Chrome Extension
A malicious OneClass Chrome Extension is part of a current phishing scam which, if installed, may send email on students' behalf and also attempts to collect user credentials.
The OneClass Chrome Extension is not available directly via search in the Chrome Extensions Store and students are being phished with the following link to install it (CAUTION: DO NOT CLICK THIS LINK):
During installation, the extension requests permissions to "Read and change all your data on the websites you visit". The installation process counts on users' tendency to accept terms without reading. The extension adds a button inside the Blackboard Learn pages to "Invite Your Classmates to OneClass".
The plugin will email all the students in a students' class (utilizing Blackboard URLs and resources, which are functioning as designed) to promote the OneClass plugin/product. The plugin also has code that attempts to collect and send the users' credentials (both username and password). Blackboard support is in the process of determining if the code is successful in doing so.
The mail content is:
"Hey guys, I just found some really helpful notes for the upcoming exams for <University Name> courses at https://oneclass.com/s/signup. I highly recommend signing up for an account now that way your first download is free!"
Please DO NOT install this extension, and if you receive an email anything like the one above please DO NOT click anything in the email. Just delete the email.
If you have questions, please contact email@example.com.