Recently we have seen an increase in the occurrence of phishing attempts targeted at the SUNYIT community.  The most recent attempt contained the Subject line:  SHORTDOWNNOTICE, is prompts the user to submit personal information that could be used for identity theft or other malicious activities.

SUNYIT nor any other legitimate organization would never request its constituents to submit login information or other personal information via email.

What is Phishing?
Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites.

Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims.

Below is an example of how most phishing schemes work:

• 
  
• An individual receives an e-mail which appears to originate from a financial institution, government agency, or other well-known/reputable entity.
  
• The message describes an urgent reason you must verify or
  e-submit personal or confidential information by clicking on a link embedded in the message or by replying to and email.
  
• The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in phishing scams, the Web site belongs to the fraudster/scammer.
  
• Once inside the fraudulent Web site, the user may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the user’s mother or place of birth.
  
• When the consumer provides the information, those perpetrating the fraud can begin to access users accounts or assume the person's identity.
  

Here are some tips you can use to avoid becoming a victim of cyber fraud:

• 
  
• Do not respond to unsolicited (spam) e-mail.
  
• Do not click on links contained within an unsolicited e-mail.
  
• Be cautious of e-mail claiming to contain pictures in attached files; the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
  
• Avoid filling out forms contained in e-mail messages that ask for personal information.
  
• Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
  
• Log on directly to the official website for the business identified in the e-mail instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  
• Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.
  
• If you are requested to act quickly or there is an emergency that requires your attention, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
  
• Remember if it looks too good to be true, it probably is.
  

If you have any questions please contact the HelpDesk at 315-792-7440 (x7440)

Or submit a Helpdesk request via https://helpdesk.sunypoly.edu

Thanks