Campus & Community

Be Alert: Increased Phishing Email Activity

Tuesday, December 1, 2020, By Eric Ferguson

The Information Security team within Information Technology Services (ITS) has seen an increase in phishing email activity targeting Syracuse University students, faculty and staff in recent weeks. These attacks include password harvesters that provide links directing the recipient to “click here now” or attached documents that require the recipient to log in to gain access. Providing your log-in information through the link or attached document gives the attacker access to your credentials.

It’s essential that you protect yourself and the University against phishing attempts and other cybersecurity threats, including those disguised as unexpected job offers or reminders to reset your NetID password. Be wary of any email that asks you to provide personal information or “click here now.” These emails are designed to get you to provide personal information, including information that could enable an attacker to access your bank account. If you receive a suspicious email, please forward it to itsecurity@syr.edu.

When In Doubt, Don’t Click

Ask yourself these questions the next time you receive a suspicious email:

  • Am I expecting this email attachment or link? Be suspicious of emails sharing documents and links you are not expecting. If you are unsure, contact the sender (preferably via text message, phone or an alternative email address) and verify that they shared a document with you.
  • Do I recognize the sender? Consider the message suspicious if you do not know the sender. Remember, phishers often use compromised accounts to send their messages. They also can forge the sending address. In these cases, the tone of the email might seem strange. If you feel at all unsure, call the sender at a known number to confirm they sent the information.
  • Can I identify the attached document before opening it? Is it clear from the document title and message what the document is and why it is being shared? Phishers often send vague messages stating a document has been shared with you. They rely on your curiosity to open the document. Do not open suspicious shared documents if you are unsure of what it is or who sent it.
  • Does the product or offer seem too good to be true? Beware of emails promising financial gain, quick fixes or easy solutions, as these are likely phishing attempts.