Phishing emails have been circulating through CUNY, either pretending to be from a CUNY employee or asking for information about a CUNY employee (i.e., phone number)

Please be cautious of emails that appear to be from someone with whom you work. Always look at the sending address to see if it is actually coming from a CUNY address. If you are suspicious of the email, try to verify the legitimacy of the sender by contacting them. Also, be very cautious of emails asking you to enter contact information for people working at the College.

These emails are spam/phishing attempts and should be immediately deleted.

Some guidelines to follow:

If you receive a suspicious email:

-Do not reply, even if you recognize the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.

-Do not click any links provided in these emails (or cut and paste them into a browser). This may download viruses to your computer, or at best, confirm your email address to phishers.

-Do not open any attachments. If you receive an attachment you are not expecting, confirm with the senders that they did indeed send the message and meant to send an attachment.

-Do not enter your personal information or passwords on an untrusted Website or form referenced in this email.

-Report any suspicious messages that contain a suspicious attachment or link to the College HelpDesk at

-Delete the message.

If you responded to a suspicious email:

-Contact your financial institution. Report the content of your email and your actions to the security or fraud department.

-Change the passwords to all online accounts that may have been compromised.

-File a police report. It may be necessary to file a police report depending on what information was given out.

-Never email your personal or financial information. Email is not a secure method of communicating sensitive information. Remember that legitimate financial institutions never ask for sensitive information via email.

-Review your credit card and bank account statements.

-Check your bank and credit card accounts regularly for any suspicious activity or unauthorized charges.

-Use preferred security methods.

-Use a unique password for each of your online accounts. Many people reuse a favorite password for multiple accounts, but if one of these accounts is compromised, they will all be at risk of data breach.

-Run a full virus scan of your computer every month. To detect the latest viruses, you must use a current version of your anti-virus software and keep it updated.

-Update your device’s operating system with the latest security patches, including your mobile operating system.

-Keep your software updated, especially your Web browser, operating system, mobile operating system, and Adobe products.

-Use caution with tax information: From the Internal Revenue Service: “Scams can be sophisticated and take many forms. Especially during tax season, we urge people to protect themselves and use caution when viewing emails, receiving telephone calls or getting advice on tax issues. Always keep your personal information safe and secure.”

By Thomas Lauria