Cybersafe Warning – Many Cyber Scams Are Targeting Students Right Now
Your inbox is brimming with emails from professors, organizations, and maybe even potential employers. But amid the legitimate messages lurks a very serious hidden danger: phishing scams.
What is phishing, and how can you recognize it?
A phishing attack is a deceptive attempt to steal your personal information, such as student IDs, passwords, bank information, and credit card or social security numbers, and to profit financially from it. Attackers often use fake email addresses with a name familiar to you to gain your trust. A message might look like it is coming from a professor, but if the sender's address is not an FIT email address, you need to be suspicious, and you might want to verify by contacting the person using their FIT email address.
Attackers also often use texts or websites that look like they're from someone you trust (e.g., your bank, a potential employer, or a company you use). They try to lure you into clicking a link or downloading something that gives them access to your information.
These scams can have serious consequences, leading to identity theft, financial losses, and even ransomware attacks. Learn more about how to recognize a phish on our website.
What can you do to protect yourself?
- Contact the Sender Via a Trusted Method: If you are unsure about an email, contact the sender or sender’s organization via their known and trusted method (e.g., FIT email address). Never use phone numbers or email addresses supplied in the suspicious email, including using reply or reply all; the scammer may have crafted a fake number or email to trick you.
- Think Before You Click: Hover over links without clicking to see the actual address they lead to. If it doesn't match the sender or seems suspicious, don't click!
- Be Wary of Urgent Requests: Phishing emails often create a sense of urgency or threaten consequences if you don’t act immediately. Take a breath, slow down, and think critically.
- Check Sender Details: Scrutinize the sender’s name and email address. Misspellings, grammatical errors, and unusual domains should raise red flags.
- Beware of QR Code Phishing or “Quishing”: Don’t scan QR Codes from unverified sources. Always hover over the QR code and make sure the link matches the website it is intended to go to. Read more about QR code scams here.
- Never Share Personal Information: Legitimate organizations won’t ask for sensitive information via email. If unsure, contact them directly through known official channels.
- Report Phishing: If you receive a phishing email, report it immediately. Here are instructions on how to report it.
- Attend a No-Cost Phishing Awareness Training (see section below)
- Commit Our Four Don’ts of Email Safety to Memory
What if you think you have already been the victim of phishing?
If you think you have been a victim of phishing, please contact [email protected], or open a ticket at techhelp.fitnyc.edu.
How to access phishing awareness training:
LinkedIn Learning provides a comprehensive course titled “Avoiding Phishing Scams.” (You can create an account at no additional cost with your FIT credentials.) The eight-minute-long tutorial will show you how to recognize the signs of a potential phishing scam so that you can keep yourself and the college safe from attacks.
Other free reputable resources include:
About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
Be aware—and be cybersafe!