Spot Fraudulent Emails (Phishing)
Confirm the source
- Some fraudulent emails (phishes) targeting Cortland are listed at The Phish Bowl
- If the request appears to be from a Cortland department, contact the department with the information you find when you look up its number at Offices A-Z
- If it appears to be from a service outside SUNY Cortland, such as your bank, PayPal, eBay, or a credit card, ask yourself do I use this service, if so log in directly do not follow the link in the email. For instance, go to paypal.com and log in, or keybank.com, do not follow the link.
- Be suspicious of links email going to sites that almost look like a SUNY Cortland login page, the only login page for SUNY Cortland is the myRedDragon login page.
- Check the login page for the URL, it should be in a cortland.edu domain.
- Report suspected phishes to the Information Security Office
As criminals gain access to more information about people, Internet fraud attempts become more sophisticated and narrowly targeted. Some attempts are spear phishing, where the attackers know enough about you to make you think the request is real.
Messages claiming to be from a SUNY Cortland office or official, requesting personal information and passwords. SUNY Cortland will not ask for your password via email. If you receive a request to log in to SUNY Cortland services please login at myreddragon.cortland.edu .
Invitations to see photos of family or friends, greeting cards, or pleas for disaster relief assistance.
The SUNY Cortland logo and logon paged have been cloned to mimic a login page, check the URL.
Clues that may indicate a scam
- It's poorly written. It may be written with ALL CAPS, have spelling and grammar errors, or it may seem fragmented.
- It asks you to send personal information (Social Security, credit card, bank account, passwords, date of birth, address, phone numbers, etc.).
- It tries to scare you into reacting by creating a sense of urgency with exclamation points, words like “immediately,” or threatening to close an account. SUNY Cortland will not communicate these issues with you via email.
- It has a From address that doesn’t make sense or doesn't match the domain where it really came from.
- Do not rely on just the name, check the from address
- It requests money for disaster relief or another cause.
Hover over URLs before you click
Don’t assume that what you see is where you’ll go when you click.
In many browsers and email programs, hovering over a link (without clicking) lets you see the ACTUAL URL for the link. If the underlying link is different, be very cautious. As an example, hover over the link below and look for the real link to display in your browser (often in the bottom left corner):
Also be cautious of any link that doesn’t clearly indicate where it leads, like links that say (hover over these to see what's hidden beneath):
Watch out for forged email addresses
Be suspicious, if it looks weird report it.
READ MORE ON PHISHING
2019-07-11 11:16:35.532 - SAWS - JP