Identity Theft and Targeted Attacks

Due to the recent cyber-attack targeted toward Empire Blue Cross and Blue Shield and the compromised mailboxes affecting some of our users yesterday, I am sending this to alert the user community to email that you may receive and that should be either ignored or verified before you open and/or respond to it.

Please be advised that emails arriving in your inbox stating that “your account has been compromised”, “suspicious activity has been detected”, “credit card and/or bank offers” or “your password is about to expire”, to name a few, are spam related. If you receive an email of this type, you should delete the email without opening it. If opened, these emails will almost always contain a clickable link inside. You should never click on the link found inside the email or reply with any personal information. Also, bogus emails usually contain attachments in the form of zip files or exe files. These files are almost 100% of the time viruses and should be deleted. If the attached file is run, your computer may be infected with a virus. These viruses are extremely dangerous and will stop your computer from functioning correctly. The newer viruses being used today will corrupt most of the files on your computer, rendering your personal items such as documents, photos, and videos useless.

HOW TO PROTECT YOURSELF

First and foremost, always keep your virus software, operating system, and Web browser up to date with the latest patches.

If you disclosed your user ID and password, then you must change your password immediately on any and all systems where the password is used.

Never reply to any email that asks you for your personal information regardless of how official it appears. The College of Staten Island and CUNY will not and should not be asking for personal information via email.

Do not be curious under any circumstance and

-do NOT release it from your Proofpoint quarantine.

-do NOT click on the links and do NOT enter your credentials.

-do NOT forward it around, just delete it.

-do NOT click on or run any executable attachments. Executable attachments are files that have .exe, .bat, or .zip at the end of the attached file name.

Make backups, either on a USB flash drive or a portable hard drive, of important files on your computer (files that you do not want to lose or that can’t be replaced in case your computer becomes infected). Do not keep the flash drive or hard drive with your backup connected to your computer. If connected to the infected computer, your backup can become infected too.

Internet scams and identity theft are on the rise. Some steps to follow to keep your identity secure include:

  1. Avoid clicking on any Web links from within an email. These embedded links may direct your Internet browser session to illegitimate Websites asking for personal information and could also download malicious code, such as viruses or spyware, onto your machine. Instead, start a new Internet browser session and enter the legitimate Website address into the address bar of the browser.
  2. The content of many phishing emails can be very threatening (e.g., account closure, account verification, account updates, account is limited) and can be convincing enough to entice the user to follow through with the provided instructions. By far, most institutions will use non-Internet methods, such as the U.S. Postal Service, to send these types of notices and then will only send them to your official address of record. If in doubt about the legitimacy of these threatening emails, call the institution, using the phone number on your last statement or on the back of your credit card.
  3. Similarly, financial institutions generally require some form of an initial setup to be completed prior to allowing electronic banking services. An online relationship is usually not established automatically or only through an exchange of emails. Become familiar with your financial institution’s online registration process and how the electronic relationship may change from time to time. If in doubt, call the institution, using the phone number on your last statement or on the back of your credit card.
  4. Computer operating system and Internet browser updates routinely include security enhancements blocking newer viruses and should be applied.
  5. Again, maintain anti-virus programs to the current level of protection with newest updates.
  6. Select and maintain passwords that are difficult to guess, and change them regularly. Passwords that consist of just regular vocabulary words can be hacked much more easily than passwords that contain numbers and symbols in addition to words. Birthdate, house number, names of family members, names of pets, password, and repeating numbers or letters, to name just a few, are not good choices for a password.

If you still believe an email to be valid, you should always try to verify the email before opening by contacting the sender if possible. If the sender can’t be verified, then the email should be deleted.

Bogus emails are composed in such a way that they look legitimate to the spam detection in place at all organizations, which allows them to temporarily bypass these devices. Be cautious when going through your inbox and look for the signs described above to alert you to these bogus emails.

If you have any questions, please contact Office Automation and User Services at 718.982.2162.