From: Office of Information Technology
Sent: Thursday, March 26, 2020
To: City College Community
Subject: COVID-19 Related Phishing Campaigns
Dear City College Community Member:
Malicious cyber threat actors are capitalizing on the global attention surrounding the novel 2019 Coronavirus (COVID-19) to facilitate scams, distribute malware, and send phishing emails.
How to Protect Yourself
- Be wary of unsolicited and COVID-19 themed emails or SMS (text) messages from untrusted users and be on the lookout for messages impersonating legitimate government agencies or organizations and attempting to lure recipients taking immediate action.
- Refrain from opening any file attachments or clicking on any embedded hyperlinks especially when the sender requests the receiver to visit a suspicious-looking site requesting personally identifiable information or other sensitive and confidential Information.
- It’s always best to navigate to the legitimate website by typing the correct address into a web browser.
- Always inspect the website address to ensure the legitimate website is properly displayed
If you inadvertently disclose your user ID and password change your password immediately on any and all systems where that password is used. Using your account credentials from one hacked system cyber-criminals may be able to determine your username on other systems. If you use the same password on those systems they too could be compromised.
For more information please read the CUNY Phishing Advisory posted at security.cuny.edu under the CUNY Issued Security Advisories.
In addition, we suggest you complete the 30-minute Security Awareness Course viewable here: http://security.cuny.edu/
The following links provide useful resources to help you better understand, identify and avoid phishing scams and how to protect yourself from cyber fraud:
The Cybersecurity and Infrastructure Security Agency (CISA)
Defending Against COVID-19 Cyber Scams
Ouch! security newsletter on the topic
CCNY Information Security website, including CCNY/ CUNY policies
United States Computer Emergency Readiness: Team Report Phishing
Federal Trade Commission: Identity Theft
Office of Information Technology