You may have received an email  with the subject “Faculty & Staff Account Authentication Notice,” starting with “Dear Outlook Account User” (see email below).  Please be advised that the mail is spam and is coming from a compromised email account that has been temporarily deactivated. Do not click on the link in the email.

Email arriving in your inbox stating that “your account has been compromised,” “suspicious activity has been detected,” “credit card and/or bank offers,”  or “your password is about to expire,”  to name a few, are spam related.  If opened, the email will ask you to click on a link found inside the email or ask you to reply with personal information.  If you receive an email of this type, you should delete the email without opening it. If opened, these emails will almost always contain a clickable link inside. You should never click on the link found inside the email or reply with any personal information.

If you disclosed your user ID and password, then you must change your password immediately on any and all systems where the password is used.

Never reply to any email that asks you for your personal information regardless of how official it appears. The College of Staten Island and CUNY will not and should not be asking for personal information via email.

Do not be curious under any circumstance and

-do NOT release it from your Proofpoint quarantine

-do NOT click on the links and do NOT enter your credentials

-do NOT forward it around, delete it.

Here are some steps to follow to keep your identity secure:

1. Avoid clicking on any Web links from within an email. These embedded links may direct your Internet browser session to illegitimate Websites asking for personal information and could also download malicious code, such as viruses or spyware, onto your machine. Instead, start a new Internet browser session and enter the legitimate Website address into the address bar of the browser.

2. The content of many phishing emails can be very threatening (e.g., account closure, account verification, account updates, account is limited) and can be convincing to entice the user to follow through with the provided instructions.  By far, most institutions will use non-Internet methods, such as the U.S.  Postal Service, to send these types of notices and then will only send them to your official address of record. If in doubt about the legitimacy of these threatening emails, call the institution using the phone number on your last statement or on the back of your credit card.

3. Similarly financial institutions generally require some form of an initial setup to be completed prior to allowing electronic banking services. An online relationship is usually not established automatically or only through an exchange of emails.  Become familiar with your financial institution’s online registration process and how the electronic relationship may change from time to time. If in doubt, call the institution using the phone number on your last statement or on the back of your credit card.

4. Update your computer’s operating and Internet browser software on a regular basis. These updates routinely include security enhancements.

5. Maintain anti-virus programs to the current level of protection.

6. Select and maintain passwords that are difficult to guess and change them regularly.

If you still believe an email to be valid, you should always try to verify the email before opening by contacting the sender if possible. If the sender can’t be verified, then the email should be deleted.

Internet scams and identity thefts are on the rise. Bogus emails are composed in such a way that they look legitimate to the spam detection in place at all organizations, allowing them to temporarily bypass the devices.  Be cautious when going through your inbox and look for the signs described above to alert you to these bogus emails.

If you have any questions, please contact Office Automation and User Services at 718.982.2162.