Please be advised that a phishing attempt is circulating through CUNY Central. The warning email from Central follows:
Subject: CIS Security Alert: Phishing email received 7/5/2018
CIS has confirmed that a phishing email was received by some recipients in the Central Office. While CIS continues its investigation, containment, and remediation activities, please review the following information and take action as appropriate.
Security Threat Identification / Symptoms
A phishing email with the subject “Your Payment Has Been Sent” from “Bethpage Credit Union.”
If you think you have already been impacted by this security threat
If you received this message or one similar to it, delete it and do not click on any links, open any attachment, or reply to the message. Access to the site has been blocked.
Recommended User Action
- DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly.
- DO NOT click a link or open an attachment in an unsolicited email message. If you have reason to believe the request is real, type the Web address for the company or institution directly into your Web browser.
- DO NOT use the same password for your work account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, perpetrators attempt to use your compromised password to access many online services.
- DO change ALL of your passwords if you suspect any account you have access to may be compromised.
- DO be particularly cautious when reading email on a mobile device. It may be easier to miss telltale signs of phishing attempts when reading email on a smaller screen.
- DO remember that official communications should not solicit personal information by email.
- DO read the CUNY Phishing Advisory posted at security.cuny.edu under CUNY Issued Security Advisories.
- DO complete the 30-minute information security awareness training located at security.cuny.edu.
Security Threat Explained
This phishing email contains a link to a malicious phishing Website designed to capture private information.
Security Alert Updates
CIS will send an update if/when there is more information to share.
Robert N. Berlinger, CISSP
Chief Information Security Officer
City University Of New York