Email Fraud Targeting Students

What happened?
A sophisticated email phishing scam targeting SUNY students is currently active. In this latest scam, the attacker pretends to represent a college IT department, sending an alert that claims that recent system maintenance caused them to lose student user IDs and passwords. The email includes a link for the student to re-enter their student ID and password. The attacker then uses this information to log into the student’s account and change their banking information so that any tuition refunds or money from the college will be diverted to the attacker.

What can you do to protect yourself?

• Remember that neither IT nor the Bursar’s office will send you a link asking you to re-enter lost credentials.

• If you are expecting a refund and have set up direct deposit, log in to MyFIT and verify that the information is correct.

• Watch for emails from domains that are similar to FIT’s—fitnyc.edu—but may be slightly different, such as fitnyc.eu, for example. They are definitely malicious.

About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Be aware—and be cybersafe!

Questions? Comments? Email [email protected] or call 212 217.HELP (4357).