Threat Archives

What happened?The FBI is investigating widespread cybercriminal activity targeting college and university students via spear phishing. Spear phishing, in contrast to traditional phishing, involves highly targeted phishing emails sent to a specific group of individuals—in this case, students with federal student loans. In these more sophisticated phishing attacks, the bad actor will contact the student […]

What happened?We write to remind you to remain vigilant against cyber scams related to the coronavirus (COVID-19). Information security authorities have seen a rise in phishing attempts where the bad guys are spoofing government agencies taking advantage of the COVID-19 narrative. Examples of these scams include:Phishing emails, texts, and phone calls with the subject “COVID-19 […]

Read Full Zoom Advisory from the Department of Homeland Security here. UPDATE: Effective on May 5 at 12noon the ability to link Zoom to your FIT Google account will be revoked. Email sent to All FIT Employees on Wednesday, April 29th: The Division of Information Technology continues to support the FIT community while we work […]

Google Alerts is a useful service that allows you to receive emails when new pages appear in the Google search index that are related to specific keywords, such as “FIT.” Unfortunately, there is a new scam that takes advantage of this feature. Recently bad actors have begun injecting malicious sites into the Google search indexes […]

Two-factor authentication (2FA) is a security feature designed to prevent unauthorized access to many online accounts, like your email account and your social media accounts. If you enable two-factor authentication, you’ll be asked to enter a special login code or confirm your login attempt each time access to your account is attempted from an unauthorized […]

We’ve been advised by SUNY’s information security team that cybercriminals are leveraging the recent tragedies in New Zealand and Ethiopia as pretexts for email phishing attacks. Unfortunately, hackers will take any advantage of incidents like these to steal money and information, and/or plant malware. (Please see our similar advisory from last September regarding phishing attacks based […]

Criminals seeking to steal identities are abusing the U.S. Postal Service’s Informed Delivery, a service that allows you to digitally preview your mail and manage package delivery. The scam takes advantage of the weak verification method used by USPS to authenticate new customers; USPS uses information available on websites like spokeo.com, zillow.com, and social media […]

Cybercriminals often try to capitalize on the outpouring of support for those impacted by natural disasters to trick those seeking to help to reveal private information or downloading malicious software. Numerous scams are circulating via email and social media from cyberattackers hoping to take advantage of people looking to help those affected during hurricane season. […]

Several “summer job opportunity” fliers have been spotted around campus.  This multi-level marketing company did not have permission to post their fliers on campus.  IT would like to take this as an opportunity to remind the FIT community that cyber criminals also try to take advantage of college students looking for work, wanting to make […]

What happened? SUNY is reporting that many campuses are experiencing a phishing attack. At least one person at FIT was targeted. This attack is particularly clever in that clicking the infected link or button in the email redirects you to a site that harvests email addresses and subject lines in your email account, and uses […]

What happened? We’ve been made aware of a phone scam targeting students at other SUNY campuses where criminals are impersonating SUNY Admissions or other administrative offices and asking for sensitive information. To give the appearance of credibility these attackers are also using a technique called “caller ID spoofing” to make it appear that the call […]

What happened? There has been a reported increase in the number of government employees reporting “sextortion” hoax emails throughout the country and we’ve had at least one report at FIT this week. In this phishing scam the perpetrator threatens to release compromising webcam footage if the victim does not pay a ransom. This is another […]

Your phone rings and the Caller ID displays “911”. You answer it immediately because “911” is synonymous with emergencies. The operator tells you that someone close to you has been a severe accident.  You are very shaken and concerned. The operator proceeds to ask you several personal questions to help them with the care of […]

What happened? “Malspam” is short for malware spam—a word to describe any malware that is delivered via email. A malspam campaign that is currently circulating mimics a FedEx shipping confirmation with a person’s real name, Social Security number, and a “tracking number.” Victims that click on the link will be redirected not to a FedEx […]

What happened? Recently one of the other SUNY campuses experienced a spear phishing attack (personalized phishing attacks that appear to be from a trusted source). The attacker sent an email purporting to be from the institution’s president regarding a new business integrity program. The emails had the correct branding and trademarks of the institution and […]

Cybercriminals have historically used high-profile events, such as the Olympic Games, to disseminate malware and conduct scams, fraud, and cyber-espionage. It is highly likely that cybercriminals will recycle old tactics such as Olympic-themed phishing emails, malvertising, and malicious mobile apps, as well as develop new methods to compromise target devices and accounts. Similar campaign tactics […]

Cybercriminals have historically used high-profile events, such as the Olympic Games, to disseminate malware and conduct scams, fraud, and cyber-espionage. It is highly likely that cybercriminals will recycle old tactics such as Olympic-themed phishing emails, malvertising, and malicious mobile apps, as well as develop new methods to compromise target devices and accounts. Similar campaign tactics […]

What happened? A sophisticated email phishing scam targeting SUNY students is currently active. In this latest scam, the attacker pretends to represent a college IT department, sending an alert that claims that recent system maintenance caused them to lose student user IDs and passwords. The email includes a link for the student to re-enter their […]

What happened? Multiple cybersecurity flaws have been discovered recently that leave nearly every computer and phone vulnerable, allowing cybercriminals the ability to access your private data: passwords, credit card details, photos, etc. Meltdown affects laptops, desktop computers and internet servers with Intel chips. Spectre affects some chips in smartphones, tablets, and computers powered by Intel, […]

What happened? A security flaw in the macOS High Sierra allowing attackers to bypass administrator authentication without supplying a password was discovered Tuesday, November 28 and a patch released by Apple on November 29. How does it impact the FIT community? Campus computers, including office, classroom and lab computers are not impacted by this threat […]

You may have seen media coverage this morning about another widespread ransomware attack, called “Bad Rabbit,” that has impacted thousands of computers in Europe. Ransomware is software that encrypts your files and then demands payment to the attacker for the decryption key. While there have been few reports of attacks in the United States so […]

What happened? Equifax, one of the three nationwide credit-reporting bureaus, announced Thursday that they were the victims of a data breach in which cybercriminals stole the information of nearly 143 million people. The data exposed includes names, Social Security numbers, birth dates, addresses, and ID numbers of some driver’s licenses. The credit card numbers of […]

What happened? The latest patch for Apple’s iOS 10.3.3 fixes a vulnerability being called “Broadpwn.” An attacker in proximity to unpatched devices can potentially take control of the device without the victim’s knowledge. This could include turning on the microphone or camera, or accessing data or photos on the phone. The patched vulnerability arises from […]

Cybercriminals are increasingly targeting you through your smartphone. Attackers send texts that trick you into doing something against your own best interest. This type of security attack is called SMiShing, short for “SMS phishing” trick the target into downloading a Trojan horse, virus or other malware onto their cellular phone or other mobile devices or trick the target into revealing […]

What happened? A new security threat allows malicious software to be installed on computers running Microsoft Office. The target users receive an email with a Powerpoint attachment. If they click to open the attachment the link “Loading…Please wait” appears.  When they hover over the link the malware installs automatically if they are using Microsoft Office […]

What happened? A hacking tool created by the NSA that was leaked earlier this year is now behind a massive ransomware attack happening around the world. The ransomware, called “WannaCry,” locks down all the files on an infected computer. The victims monitor shows a message “Oops, your files have been encrypted!” and demands they pay $300 in […]

Yesterday, you may have received invitations in either your FIT or personal Gmail accounts to share a Google Drive document from a recognizable name at FIT, mailing list you belong to, or personal contact. This was a nationwide email phishing scam that lured the reader to click on an “Open in Docs” button. When individuals […]

Log into your Google AccountGo to the My Account Page (https://myaccount.google.com/)Click on Device Activity and Notification Under recently used devices click Review Devices From the list find the lost or stolen phone or device and click “remove”

An email spoofing FIT’s TechHelp was sent to some employees, who correctly identified the message as a Phishing attempt. If you received an email with the Subject: ALERT: Email Scams at FIT, do not click on the links and report the email as Phishing.  The email is not from the Division of Information Technology. If you […]

FIT and other SUNY campuses have recently seen a number of spoofed requests to open documents in Dropbox. The requests come in email and appear to come from legitimate FIT email addresses, but the “sender” is not someone who would communicate with you over Dropbox and the subject line is blank or nonsensical. The phish […]

In 2017, approximately 30% of all reported data breach incidents were related to the theft of W-2 information, which was likely used for tax fraud. -IRS It is that time of year again, tax time! Every year thousands of people fall victim to tax scams. Criminals use many tactics to fool individuals, payroll and tax professionals. […]

Cyber criminals are taking advantage of college students looking for work and wanting to make extra money during their limited free time. Scammers target student emails and places students look for work and to connect with employers. Below you will find some of the scams meant to target students looking for a job. Phony Job […]

How the Phishing attack works The newest phishing scam is so “efficient” that many experienced technical users have reported falling for it. The scam tricks Gmail users into revealing their login credentials.The phishing attack starts with an email that contains what appears to be an attached PDF document, but is, in reality, an embedded image […]

SUNY has reported that users at many colleges that use Blackboard are receiving emails similar to the one below, trying to get them to download course notes. “Hey guys, I just found some really helpful notes for the upcoming exams for FIT courses at https://oneclass.com/s/signup. I highly recommend signing up for an account now that […]

December 21 Update Earlier this week we informed you that Lynda.com suffered a data breach. Additionally, some of you may have received an email from Lynda.com directly advising you about the breach. In almost every case the information that was exposed was name, FIT email address, and the list of courses taken.  Lynda.com also informed […]

In September we shared a warning of a 2014 breach of Yahoo accounts that was discovered this year. On December 14, Yahoo announced that over 1 billion accounts might have been compromised in a separate attack in 2013. As with the previous attack, Yahoo warns, the account information may have included names, email addresses, telephone […]

There has been a recent increase in scams targeting colleges. In a typical scenario, a caller poses as an employee of a big-name computer company such as Microsoft or Dell and tells the victim that their computer is infected with a virus and it needs to be remedied. If successful, the scammer convinces the victim […]

Did you know that scammers could be after your credit card information and your money? Scammers use social media and word-of-mouth to target student populations at U.S. colleges and universities by claiming to offer discounts on school tuition if the student makes a tuition payment via the fraudulent site. The victims are subsequently asked to […]

You may have seen on media outlets that Yahoo has confirmed information from 500 million of its accounts was stolen in 2014. According to Yahoo, the account information may have included names, email addresses, telephone numbers, dates of birth, encrypted passwords and, in some cases, encrypted or unencrypted security questions and answers. Yahoo will contact […]

To the FIT Community: Apple has announced vulnerabilities on the iPad and iPhone that allows an attacker to take full control of your device, including turning on your microphone and camera and/or recording all your keystrokes.  The attack is delivered by sending you a specially designed text that includes a link: If you click on […]