If you believe you have responded to a phishing attack which might compromise your accounts, you should immediately change your password(s) and notify the CIT HelpDesk at 585-245-5588.
What is Phishing?
One of the most common security threats faced by Internet users is an scam known as phishing. Phishing is an attempt at identity theft where the criminal impersonates some official entity and tries to get the victim to provide information, such as Social Security numbers, Credit Card numbers, and passwords, or perform an action, such as initiating a wire transfer or buying gift cards.
Email is the common avenue for phishing attacks. Email phishing attacks occur against Geneseo users almost daily. The criminal will send an email with a subject line and body that appear to come from an official source:
From: Geneseo Helpdesk <firstname.lastname@example.org>
Subject: SUNY Geneseo Helpdesk
Your account has been targeted for deletion. In order not to lose your account you need to send us your username and password immediately in order to confirm your identity.
Alternatively you can click on the following link to login and verify your identity:
Geneseo Help Desk
You should always distrust such communications.
How should I guard against Phishing attacks?
- Never send your account password or any personal information to anyone via email. No reputable organization will ever ask you to send them such information via email.
- Never give someone who calls you on the phone your personal information. If necessary, tell them you will call them back. Look up the publicly listed phone number for the organization and contact them.
- Never click on a link embedded in an email unless you have verified the sender's email address to be legitimate and you trust them. Even then, it is always better to retype the URL vs. clicking a link. A link can be made to look like a legitimate URL when it in fact goes to some place entirely different. Try clicking on the link shown above in the fraudulent email to see an example.
- You should carefully check the email address of the sender of any communication and do not trust the text preceding the address.
- If you click on an embedded link (which we don't recommend), look carefully at the URL in the browser to make sure it is the real web site for the organization. Criminals can be very clever in crafting domain names and web pages that look very close to official sites.