Email Scams Advisory
From: Office of Information Technology
Sent: Friday, February 7, 2020 9:00 PM
To: CCNY College Community
Subject: Email Scams Advisory
Dear City College Community Member:
This is a reminder to be alert to the innumerable online scams. One of the most prevalent is known as a “phishing” email. These emails are designed to look like legitimate emails originating from your bank, a friend, or even the United States government. However, they are a ruse to persuade you to download malicious software and/or reveal account credentials and personal information that can be used for identity theft.
Phishing emails often direct you to submit sensitive information, threaten to deactivate an account, advise you to change your password or activate or upgrade an account by clicking a link. These schemes also use less alarming ruses, including attaching invoices, taxes, or financial aid forms that contain viruses. Their goal is to compromise the security of your personal computer or smartphone, to harvest your valuable information, and, ultimately, to defraud you and your colleagues, friends and family.
How to Protect Yourself
Always remember, an official entity, including CCNY and CUNY, will never use email to request your userid, password, or social security number or ask for detailed personal and financial information such as PIN numbers, or secret access information for credit card, bank or other financial accounts. Be suspicious if you receive emails or visit websites requesting any of this information, also:
DO NOT click on the links.
DO NOT download the attachments.
DO NOT enter your credentials.
DO NOT reply to the original email.
DO NOT forward it to acquaintances.
If a suspicious message seems legitimate, contact the originating office by phone (using the phone number on the CCNY directory listing) before responding. Or try opening a new browser window and typing the address directly. Please also notify ITSecurity@ccny.cuny.edu .
If you inadvertently disclose your user ID and password change your password immediately on any and all systems where that password is used. Using your account credentials from one hacked system cyber-criminals may be able to determine your username on other systems. If you use the same password on those systems they too could be compromised.
For more information please read the CUNY Phishing Advisory posted at security.cuny.edu under the CUNY Issued Security Advisories.
In addition, we suggest you complete the 30-minute Security Awareness Course viewable here: http://security.cuny.edu/
The following links provide useful resources to help you better understand, identify and avoid phishing scams and how to protect yourself from cyber fraud:
Ouch! security newsletter on the topic
CCNY Information Security website, including CCNY/ CUNY policies
United States Computer Emergency Readiness: Team Report Phishing
Federal Trade Commission: Identity Theft