Ken Ihrer
Dear Campus Community,
Just this week, multiple college campuses have been attacked with crippling ransomware. Please be extra cautious on any requests to provide personal or protected information to all requestors – particularly if it seems odd that you would be asked for information from the sender. Use back channels, like calling the person with a known number, to verify a request for personal or protected information. Also, be on alert for text messages coming from colleagues, including senior leadership. If you do not recognize the cellphone number and it isn't in your contacts, suspect that it is fraudulent. Use the block caller feature if you receive a fraudulent text.
Another phish that is highly active right now is to send you a text or call you saying that this is the IT department trying to fix/migrate/terminate/etc your email account. They then tell you we are going to send you a verification code but what they are actually doing is all part of their phishing attack. CCNY's IT department does not send verification codes, ask for passwords, nor do we terminate email accounts, unless you are no longer with CCNY. If anyone contacts you saying they represent the IT department and they are requesting a code or your password for any sort of verification purpose, you should immediately hang up and contact the service Desk.
Below is the message that the Office of Information Technology sent out earlier this week. It is here to remind you of things you can do to help protect our campus.
Recently, our campus has been the target of numerous phishing attacks using a variety of fraudulent offers and notices. These attacks primarily target Students, Staff and Faculty with fake notices of account termination, fraudulent job offers, and fake requests from supervisors and other administrators to purchase gift cards.
The attacks are carried out by using college accounts that were compromised in some form, impersonating college offices or officers, as well as accounts made on free email platforms such as Google (Gmail) and Outlook. We encourage everyone to exercise a high level of caution when reading email with the [external] tag or those with offers that are too good to be true.
If you think you have already been impacted by this security threat
If you receive a potential phishing message, or if you already responded to a phishing email, immediately contact the IT Security Office at itsecurity@ccny.cuny.edu or the CCNY Service Desk at servicedesk@ccny.cuny.edu .
Recommended User Action
- DO NOT reply to unexpected or unusual email from any sender.
- DO be particularly cautious when the “external source” warning banner is present.
- DO NOT reply to email or text messages with any personal information, passwords, or MFA verification codes. Your password or MFA verification code should never be shared for any reason. If you have reason to believe that the request is real, contact the CCNY Service Desk at servicedesk@ccny.cuny.edu or (212) 650-7878.
- DO NOT click a link or open an attachment in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
- DO NOT use the same password for your work account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, perpetrators attempt to use your compromised password to access many online services.
- DO change ALL of your passwords if you suspect any account you have access to may be compromised.
- DO be particularly cautious when reading email on a mobile device. It may be easier to miss telltale signs of phishing attempts when reading email on a smaller screen.
- DO remember that official communications should not solicit personal information by email.
- DO report spam to reportspam@ccny.cuny.edu
- DO read the CUNY Ransomware and Phishing Advisories posted at security.cuny.edu under CUNY Issued Security Advisories.
- DO complete information security awareness training located at https://course.enterprisetraining.com/cuny2019/launch/.
If you have any questions about this security alert, please do not hesitate to contact IT Security at itsecurity@ccny.cuny.edu .
Thank you for your attention.
The Office of Information Technology
Ken Ihrer
Vice President of Information Technology
Chief Information Officer
The City College of New York
160 Convent Avenue
New York, NY 10031