SUNY Phishing Attack

What happened?

SUNY is reporting that many campuses are experiencing a phishing attack. At least one person at FIT was targeted. This attack is particularly clever in that clicking the infected link or button in the email redirects you to a site that harvests email addresses and subject lines in your email account, and uses them to construct believable phishes to your contacts.


The scam emails claim to be sent from other SUNY campuses or, potentially, FIT email addresses. The messages contain a link or a button, and if you hover your mouse over the link, it will display an address with a .icu domain, e.g. SOMEDOMAIN.ICU.


A sample click-button and the associated link is reproduced below. Note the .icu domain, underlined here for emphasis.

What can you do to protect yourself?

  • Be especially careful with emails coming from other SUNY entities, especially if they have a link or a click-box.
  • Hover your mouse over links and click-boxes and look at the link displayed. If it contains .icu, delete the email.
  • Note: Don’t follow the usual procedure for reporting a phish; we don’t want to add SUNY schools to phishing lists.

Where can you get more information?

For more information, please visit IT’s website at

About Cybersafe

The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Be aware—and be cybersafe!

Questions? Comments? Email [email protected] or call (212) 217-HELP (4357).