If you believe you have responded to a phishing attack which might compromise your accounts, you should immediately change your password(s) and notify the CIT HelpDesk at 585-245-5588.

What is Phishing?

One of the most common security threats faced by Internet users is an scam known as phishing. Phishing is an attempt at identity theft where the criminal impersonates some official entity and tries to get the victim to provide information, such as passwords, Social Security numbers, or Credit Card numbers, or perform an action, such as initiating a wire transfer or buying gift cards.

Email is the common avenue for phishing attacks. Email phishing attacks occur against Geneseo users almost daily. The criminal will send an email with a subject line and body that appear to come from an official source such as HR, CIT, or NYS. You should not trust such communications.

How should I guard against Phishing attacks?

Never send your account password or any personal information to anyone via email. No reputable organization will ever ask you to send them such information via email.
Never give someone who calls you on the phone your personal information. If necessary, tell them you will call them back. Look up the publicly listed phone number for the organization and contact them.
Never click on a link embedded in an email unless you have verified the sender's email address to be legitimate and you trust them. Even then, it is always better to retype the URL vs clicking a link. A link can be made to look like a legitimate URL when it in fact goes to some place entirely different. Hover over links to see the real URL they are leading you to.
You should carefully check the email address of the sender of any communication and do not trust the text preceding the address.
If you click on an embedded link (which we don't recommend), look carefully at the URL in the browser to make sure it is the real web site for the organization. Criminals can be very clever in crafting domain names and web pages that look very close to official sites.

How can I help to protect SUNY Geneseo from Phishing?

When CIT receives reports of widely delivered malicious emails, we will post an alert on The Phish Bowl.
If there is not a recent warning on the Phish Bowl, report the phishing in Gmail. To do so click 3 dots next to the reply arrow and select "Report spam" or "Report phishing."
If you have a specific question about the phishing email, you can also report it to the Help Desk by forwarding it to helpdesk@geneseo.edu.
Most importantly, never reply to suspicious messages and don’t fill out forms or sign-in screens that link from these messages.

What is Phishing?

How should I guard against Phishing attacks?

How can I help to protect SUNY Geneseo from Phishing?

Related Articles