Monday, January 29, 2024 - [THREAT ALERT] Multiple Active Email Phishing Attacks

SPRING 2024

OIT-ISO NOTIFICATION: Monday, January 29, 2024 - [THREAT ALERT] Multiple Active Email Phishing Attacks

Dear Campus Community, 

Recently, our campus has been the target of numerous phishing attacks using a variety of fraudulent offers and notices. These attacks primarily target Students, Staff and Faculty with fake notices of account termination, fraudulent job offers, and fake requests from supervisors and other administrators to purchase gift cards. 

The attacks are carried out using college accounts that were compromised in some form, by impersonating college offices or officers, and through accounts created on free email platforms such as Google (Gmail) and Outlook. We encourage everyone to exercise a high level of caution when reading email with the [external] tag or email with offers that are too good to be true.

If you think you have already been impacted by this security threat 

If you receive a potential phishing message, or if you already responded to a phishing email, immediately contact the IT Security Office at itsecurity@ccny.cuny.edu or the CCNY Service Desk at servicedesk@ccny.cuny.edu.

Recommended User Action 

  • DO NOT reply to unexpected or unusual email from any sender. 

  • DO be particularly cautious when the “external source” warning banner is present. 

  • DO NOT respond to job offers originating from citymail.cuny.edu addresses. Citymail accounts are only assigned to students, and the school does not advertise job offers using student email accounts. These fraudulent offers will try to get you to cash fake checks and send your own money to others.

  • DO NOT reply to email or text messages with any personal information, passwords, or MFA verification codes. Your password or MFA verification code should never be shared for any reason. If you have reason to believe that the request is real, contact the CCNY Service Desk at servicedesk@ccny.cuny.edu or (212)650-7878. 

  • DO NOT click a link or open an attachment in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser. 

  • DO NOT use the same password for your work account, bank, Facebook, etc. If you do fall victim to a phishing attempt, perpetrators will attempt to use your compromised password to access many online services.

  • DO change ALL of your passwords if you suspect any account you have access to may be compromised. 

  • DO be particularly cautious when reading email on a mobile device. It may be easier to miss telltale signs of phishing attempts when reading email on a smaller screen. 

  • DO remember that official communications should not solicit personal information by email. 

  • DO report spam to reportspam@ccny.cuny.edu.

  • DO read the CUNY Ransomware and Phishing Advisories posted at security.cuny.edu under CUNY Issued Security Advisories. 

  • DO complete information security awareness training located at https://course.enterprisetraining.com/cuny2019/launch/. 

If you have any questions about this security alert, please do not hesitate to contact IT Security at itsecurity@ccny.cuny.edu.

Thank you for your attention. 

The Office of Information Technology 

 

Last Updated: 02/01/2024 15:17