Technology Systems has confirmed that a phishing email was received by recipients at the College. The bogus email has been removed from the handful of mailboxes that received it and we have reported the email as spam. While Technology Systems continues its investigation, containment, and remediation activities, please review the following information and take action as appropriate.

Security Threat Identification/Symptoms:

The phishing email contained the subject “Webmaster Upgrade.”

If you think you have already been impacted by this security threat:

If you received this message or one similar to it, delete it and do not open any attachment, click on any links, or reply to the message. If you already responded to the phishing email, immediately change your account password and contact the HelpDesk at 718.982.3695.

Recommended User Action:

  • DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly
  • DO NOT click a link or open an attachment in an unsolicited email message. If you have reason to believe that the request is real, type the Web address for the company or institution directly into your Web browser
  • DO NOT use the same password for your work account, bank, Facebook, etc. In the event that you do fall victim to a phishing attempt, perpetrators attempt to use your compromised password to access many online services
  • DO change ALL of your passwords if you suspect any account you have access to may be compromised
  • DO be particularly cautious when reading email on a mobile device. It may be easier to miss telltale signs of phishing attempts when reading email on a smaller screen
  • DO remember that official communications should not solicit personal information by email
  • DO read the online CUNY Phishing Advisory posted under CUNY Issued Security Advisories
  • DO complete the online 30-minute information security awareness training

Security Threat Explained

This phishing email contains a link to a site that appears to be a legitimate “Outlook Web App” sign-on page. The site is a fraudulent decoy. Credentials entered into this site are captured by malicious actors to compromise accounts and gain unauthorized access.