THREAT ALERT - Multiple Active Email Phishing Attacks

From: Office of Information Technology 
Sent: Friday, September 4, 2020 11:29 AM
To: Students
Subject: [THREAT ALERT] Multiple Active Email Phishing Attacks


Office of Information Technology

Dear City College Students:

There are multiple active phishing email attacks targeting City College student email accounts. One such campaign that rising in occurrence is one in which various work from home job offers are sent, working for faculty or for doctors or in well-known offices or organizations such as UNICEF and WHO. These messages have subject lines such “UNICEF”, “WHO”, “ONLINE ASSISTANT VACANCY”, “THIS IS REWARDING”“Review”, and “AWESOME AND REWARDING!!!”. This is in addition to the personal assistant offers that are still targeting City College students.
We encourage all students to heavily scrutinize any such offer for work from people you are unfamiliar with. Some characteristics of the email will give you a good indication that it is fraudulent, such as:

  • They offer to send you a check first, this is usually a red flag for a scam. The check will bounce, and you will suffer penalties from your bank. In most of these cases, they will send you a check that is larger than what they promised to pay you and they will request you to cash it and send them back the remaining amount.
  • The name of the person in the email body does *not* match the name of the account that sent the email to you.
  • The email redirects you to communicate with a non-ccny email account (Hotmail, google, etc..).
  • The email has poor grammar. Significant spelling errors are a clear indicator of fraudulent messaging.
  • You may notice the email does not appear to be addressed to you. In this case, the sender of the email lists themselves as sender and uses “Bcc:” (Blind Carbon Copy) to copy the email to many users.

If you received or responded to similar emails please report it to  ITsecurity@ccny.cuny.edu  and delete the email immediately.


SAMPLES:

From: " abcdef000@citymail.cuny.edu " < abcdef000@citymail.cuny.edu >
Date: Friday, August 14, 2020 at 11:03 AM
Subject: WHO (World Health Organization) ONLINE ASSISTANT VACANCY
To: " mnopqr000@citymail.cuny.edu " < mnopqr000@citymail.cuny.edu >

 Good Day,

I am a professor here in CUNY, there is an opening available for the post of personal assistant to work with WHO (World Health Organization) or UNICEF.

Offer: $300/Weekly

To know more about the position please CLICK HERE to Apply.

N.B: Fill in your personal email address in the Email section of the Apply Form.

Application will be received and you will get a response between 24-48 hours.

Regards.


From: " somestudent1@citymail.cuny.edu " < somestudent1@citymail.cuny.edu >
Subject: AWESOME AND REWARDING!!!
Date: July 29, 2020 at 5:04:16 AM EDT
To: " somestudent1@citymail.cuny.edu " < somestudent1@citymail.cuny.edu >

HIRING FOR IMMEDIATE START?
This fair is for you!

We're HIRING!!!

VIRTUAL ASSISTANT: Work is available in HUNTER for those who desire to work as a home-based virtual assistant. This type of work consists of you completing a variety of duties such as booking appointments, scheduling meetings, sorting files, and so forth.
The hours will be between 2-3 hours twice a week This position allows you opportunity to take on a second job, thereby increasing your income
 
ALL  interested in working from home and earn $300 Weekly should visit website here to apply


From: CUNY Email User 1< cunyemailuser1@cuny.edu >
Date: Wednesday, June 3, 2020 12:11 PM
To: CUNY Email User 2 < cunye%6dai%6cuser%32@cuny.edu " rel="nofollow"> cunyemailuser2@cuny.edu
>
Subject: Your CUNYfirst account Needs to be updated

Your CUNYfirst account Needs to be updated

   Click Here to UPDATE

CUNYfirst Support


General Information

  • DO NOT reply to unexpected or unusual email from any sender.
  • DO NOT reply to email with any personal information or passwords.
  • DO NOT click a link or open an attachment in an unsolicited email message.
  • If you suspect an email is not legitimate, forward it to itsecurity@ccny.cuny.edu

For more information please read the CUNY Issued Security Advisories here:
https://www.cuny.edu/about/administration/offices/cis/information-security/cuny-issued-security-advisories/
In addition, we suggest you complete the 30-minute Security Awareness Course viewable here:

https://course.enterprisetraining.com/cuny2017/launch/

The following links provide useful resources to help you better understand, identify and avoid phishing scams and how to protect yourself from cyber fraud:

CCNY Information Security website, including CCNY/ CUNY policies
https://www.ccny.cuny.edu/it/security

Cybersecurity and Infrastructure Security Agency (CISA) Tips on Avoiding Phishing Attacks
https://www.us-cert.gov/ncas/tips/ST04-014
 
Federal Trade Commission: Identity Theft
http://www.ftc.gov/bcp/edu/microsites/idtheft

 
The Office of Information Technology