Seasonal Advisory: Holiday Season Online Scams and Malware Campaigns

CUNY-CIS Information Security reminds the CUNY community to remain vigilant when browsing and shopping online during the holiday season. Please be aware of common scams:

  • Copycat and fake Websites pose as legitimate ones to capture personal and financial information
  • E-cards and unexpected “gifts” from unknown senders may contain links that lead to malware
  • Fake advertisements, coupons, or shipping notifications may include infected attachments and/or contain links that lead to malware
  • Phishing email messages and fraudulent posts on social networking sites may request support for phony causes or offer “too good to be true” deals on merchandise
  • Security or “fix or tune up your PC” software offered as an unexpected pop-up ad

To avoid such seasonal risks that could result in a security breach, identity theft, or financial loss:

  • Approach all unsolicited offers and communications with skepticism and caution
  • Do not follow unsolicited links or download attachments from unknown sources
  • Always compare the link shown in an email with the address you are actually directed to, and confirm that they match and lead to a legitimate site
  • Turn on enhanced account authentication features that use a companion mobile app to verify account activity or text unique verification codes to your mobile device
  • View online shopping safety tips by the Department of Homeland Security, the National Cyber Security Alliance [PDF], and the Federal Trade Commission
  • Refer to advisories posted at security.cuny.edu under “CUNY Issued Security Advisories”

If you believe you are a victim of an online scam or malware campaign, please report it to your campus IT Help Desk and consider the following actions:

  • Advise your financial institution immediately of any account information that may have been compromised. Watch for unexplained charges to your account
  • Immediately change any passwords that you might have revealed. If you used the same password for multiple Websites, make sure to change it for each account, and do not use that same password in the future