If you believe you have responded to a phishing attack which might compromise your accounts, you should immediately change your password(s) and notify the CIT HelpDesk at 585-245-5588.
What is Phishing?
One of the most common security threats faced by Internet users is an scam known as phishing. Phishing is an attempt at identity theft where the criminal impersonates some official entity and tries to get the victim to provide information, such as Social Security numbers, Credit Card numbers, and passwords, or perform an action, such as initiating a wire transfer or buying gift cards.
Email is the common avenue for phishing attacks. Email phishing attacks occur against Geneseo users almost daily. The criminal will send an email with a subject line and body that appear to come from an official source:
Never send your account password or any personal information to anyone via email. No reputable organization will ever ask you to send them such information via email.
Never give someone who calls you on the phone your personal information. If necessary, tell them you will call them back. Look up the publicly listed phone number for the organization and contact them.
Never click on a link embedded in an email unless you have verified the sender's email address to be legitimate and you trust them. Even then, it is always better to retype the URL vs. clicking a link. A link can be made to look like a legitimate URL when it in fact goes to some place entirely different. Try clicking on the link shown above in the fraudulent email to see an example.
You should carefully check the email address of the sender of any communication and do not trust the text preceding the address.
If you click on an embedded link (which we don't recommend), look carefully at the URL in the browser to make sure it is the real web site for the organization. Criminals can be very clever in crafting domain names and web pages that look very close to official sites.
How can I help to protect SUNY Geneseo from Phishing?
When CIT receives reports of widely delivered malicious emails, we will post an alert on The Phish Bowl.