Recent Phishing Attempts
Recently we have seen an increase in the occurrence of phishing attempts targeted at the SUNYIT community. The most recent attempt contained the Subject line: SHORTDOWNNOTICE, is prompts the user to submit personal information that could be used for identity theft or other malicious activities.
SUNYIT nor any other legitimate organization would never request its constituents to submit login information or other personal information via email.
What is Phishing?
Phishing is an e-mail fraud method in which the perpetrator
sends out legitimate-looking email in an attempt to gather
personal and financial information from recipients. Typically,
the messages appear to come from well known and trustworthy Web
sites.
Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims.
Below is an example of how most phishing schemes work:
- An individual receives an e-mail which appears to originate
from a financial institution, government agency, or other
well-known/reputable entity.
- The message describes an urgent reason you must verify or
e-submit personal or confidential information by clicking on a link embedded in the message or by replying to and email. - The provided link appears to be the Web site of the
financial institution, government agency or other
well-known/reputable entity, but in phishing scams, the Web
site belongs to the fraudster/scammer.
- Once inside the fraudulent Web site, the user may be asked
to provide Social Security numbers, account numbers,
passwords or other information used to identify the
consumer, such as the maiden name of the user’s mother
or place of birth.
- When the consumer provides the information, those
perpetrating the fraud can begin to access users accounts or
assume the person's identity.
Here are some tips you can use to avoid becoming a victim of cyber fraud:
- Do not respond to unsolicited (spam) e-mail.
- Do not click on links contained within an unsolicited
e-mail.
- Be cautious of e-mail claiming to contain pictures in
attached files; the files may contain viruses. Only open
attachments from known senders. Scan the attachments for
viruses if possible.
- Avoid filling out forms contained in e-mail messages that
ask for personal information.
- Always compare the link in the e-mail to the link you are
actually directed to and determine if they match and will
lead you to a legitimate site.
- Log on directly to the official website for the business
identified in the e-mail instead of “linking” to
it from an unsolicited e-mail. If the e-mail appears to be
from your bank, credit card issuer, or other company you
deal with frequently, your statements or official
correspondence from the business will provide the proper
contact information.
- Contact the actual business that supposedly sent the e-mail
to verify that the e-mail is genuine.
- If you are requested to act quickly or there is an emergency
that requires your attention, it may be a scam. Fraudsters
create a sense of urgency to get you to act quickly.
- Remember if it looks too good to be true, it probably is.
If you have any questions please contact the HelpDesk at 315-792-7440 (x7440)
Or submit a Helpdesk request via https://helpdesk.sunypoly.edu
Thanks