Phishing emails mimic college initiatives

What happened?
Recently one of the other SUNY campuses experienced a spear phishing attack (a personalized phishing attack that appears to be from a trusted source). The attacker sent an email purporting to be from the institution’s president regarding a new business integrity program. The emails had the correct branding and trademarks of the institution and imitated the president’s signature block. In this case, however, the actual “from” address was not from the institution. Recently, spear phishers have been targeting colleges by taking advantage of high-profile initiatives or events to create believable emails.

How does it impact the FIT community?
Cybercriminals use information gathered from LinkedIn, Facebook, and FIT webpages, as well as staff directories, upcoming events, and public announcements to create believable spear phishing attacks. This technique is referred to as social engineering, and it is one of the most effective ways to trick people into revealing personal information.

What can you do to protect yourself?

  • Pay close attention to the sender’s email address.
    • FIT email addresses end with @fitnyc.edu. Emails from addresses that end in @aol.com or @gmail.com and claim to be from an FIT employee or department should be treated with caution.
    • Make sure the email address in the “from” field matches the sender information. On some devices, the email address will not display until you click to see additional details.
  • Mouse over any links in the email to see where they lead.

If you are unsure about an email from a fellow employee, division, or department, call them on their FIT extension or a phone number that is known to you. Don’t use any number supplied in the suspicious email, and do not forward the email to other employees to confirm its legitimacy.
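For mail administrators and help desk staff, the sender-address checks above can be applied to a raw message automatically. The following is an added example, not FIT's own tooling: the flag names, the display-name pattern, and the sample messages are constructed assumptions, while the fitnyc.edu, aol.com and gmail.com domains come from the guidance above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "fitnyc.edu"        # FIT addresses end with @fitnyc.edu
FREEMAIL = {"aol.com", "gmail.com"}  # the two free-mail domains named above
# Assumption: display-name patterns suggesting the sender claims to be FIT.
CLAIMS_FIT = re.compile(r"\bfit\b|fitnyc|fashion institute", re.IGNORECASE)


def check_sender(raw_message):
    """Return a list of warning flags for the message's From header."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ["unparseable_from"]
    domain = addr.rpartition("@")[2].lower()
    # Exact match only, so "fitnyc.edu.example.com" does not pass.
    if domain == TRUSTED_DOMAIN:
        return []
    flags = ["not_fit_domain"]
    if domain in FREEMAIL:
        flags.append("freemail_sender")
    # The visible name claims FIT while the real address is elsewhere.
    if CLAIMS_FIT.search(display):
        flags.append("display_name_claims_fit")
    return flags


# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": 'From: "Jane Doe" <jane.doe@fitnyc.edu>\n\nHello',
    "freemail": 'From: "FIT President" <fit.president@gmail.com>\n\nHello',
    "lookalike": 'From: "Business Integrity Program" '
                 '<notice@fitnyc.edu.example.com>\n\nHello',
    "name_is_address": 'From: "president@fitnyc.edu" '
                       '<someone@example.net>\n\nHello',
    "no_from": "Subject: Action required\n\nHello",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:16} {check_sender(raw) or 'ok'}")
```

An empty result only means the visible “from” address is on fitnyc.edu; it does not by itself prove who sent the message.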

Where can you get more information?
More information, including how to report phishing, can be found on IT’s website at it.fitnyc.edu/phishing.

About Cybersafe

The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Be aware—and be cybersafe!

Questions? Comments? Email [email protected] or call (212) 217-HELP (4357).