CUNY/CIS Information Security reminds the CUNY community to remain vigilant when browsing and shopping online during the holiday season. Please be aware of some prevailing scams:

  • Copycat and fake Websites pose as legitimate ones to capture personal and financial information.
  • E-cards and unexpected “gifts” from unknown senders can contain links that lead to malware.
  • Fake advertisements, coupons, or shipping notifications may include infected attachments and/or contain links that lead to malware.
  • Phishing email messages and fraudulent posts on social networking sites may request support for phony causes or offer “too good to be true” deals on merchandise.
  • Security software offered as an unexpected pop-up ad could be from a scammer.

To avoid such seasonal campaigns that could result in a security breach, identity theft, or financial loss:

  • Approach all unsolicited offers and communications with skepticism and caution.
  • Do not follow unsolicited links or download attachments from unknown sources.
  • Always compare a link in an email to the link to which you are actually directed and determine if it matches and will lead you to a legitimate site.
  • View online shopping safety tips by the Department of Homeland Security, the National Cyber Security Alliance, and the Federal Trade Commission.
  • Refer to advisories posted online under “CUNY Issued Security Advisories.”

If you believe that you are a victim of an online scam or malware campaign, please report it to the CUNY/CIS Service Desk (, 646.664.2311) and consider the following actions:

  • Advise your financial institution immediately of any account information that may have been compromised. Watch for unexplained charges to your account.
  • Immediately change any passwords that you might have revealed. If you used the same password for multiple Websites, make sure to change it for each account, and do not use that same password in the future.