CUNY CIS urges all to heighten their cybersecurity awareness and guard against responding to email that can potentially be a phish. Phishing remains a prominent method used by attackers to perpetrate financial scams, compromise account access, and cause malware infection, data theft and ransomware attacks.

Security threat identification/symptoms

Phishing email from a address from which you haven’t received email previously. The messages may have a Word document (.docx) attachment with varied requests that includes a link to a Google form Webpage (“…”). Some of these messages are fraudulent job offers, others claim your account will be deactivated, others offer a piano for cheap.

If you think you have already been impacted by this security threat

If you receive a potential phishing message, or if you already responded to a phishing email, immediately contact your campus help desk.

Recommended User Action

  • DO raise awareness to scams by reviewing the CUNY “How to Protect Yourself against Secret Shopper, Personal Assistant, and other Online Scams!” and Phishing advisories posted at under CUNY Issued Security Advisories
  • DO NOT reply to unexpected or unusual email from any sender
  • DO be particularly cautious when an “external source” warning banner is present
  • DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly
  • DO NOT click a link or open an attachment in an unsolicited email message. If you have reason to believe the request is real, type the Web address for the company or institution directly into your Web browser
  • DO NOT use the same password for your work account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, perpetrators attempt to use your compromised password to access many online services
  • DO change ALL of your passwords if you suspect any account you have access to may be compromised
  • DO be particularly cautious when reading email on a mobile device. It may be easier to miss telltale signs of phishing attempts when reading email on a smaller screen
  • DO remember that official communications should not solicit personal information by email
  • DO read the CUNY Personal Assistant Scam and Phishing Advisories posted at under CUNY Issued Security Advisories
  • DO complete information security awareness training located at

By CSI Technology Services