Cyber criminals are coming out with new attacks and the best defense against them is education and vigilance. You may have noticed that these cyber attacks are becoming more cleverly disguised and deceptive. Stony Brook email systems have recently been targeted by SPAM and fraudulent email messages as cyber criminals try to take advantage of the University’s migration away from Lotus Notes. It’s becoming harder to tell when these emails are fraudulent because they appear to be sent from a legitimate organization on campus and appear to have a valid email address.
Please pay close attention when you see emails that refer to account upgrades, webmail, help desk mandates, or the like. These are SPAM and a form of email phishing that targets specific user communities. Spammers use public information like Stony Brook’s email migration project to lure unsuspecting recipients to sites requesting NetIDs and passwords, or to sites that install malware on computers that may in turn steal local information from the computer.
Read email carefully. Do not reply to or click on links or images in unsolicited email. Never click on anything in an unsolicited email no matter how authentic the message may look. Never divulge sensitive personal information (passwords, credit card information, Social Security number, date of birth, SOLAR password, NetID password, etc.). No one from the University or the Division of Information Technology will ever ask you for this information via email.
If you use Lotus Notes, you can report these types of phishing attempts to our spam filter provider by highlighting the message and clicking on “Actions > This is Spam” from the menu bar. If you use Google Apps for Education, use the “Report Spam” button at the top of your page to identify SPAM mail.
Common phishing attempts purport to be from trusted sources (banks, credit unions, charitable or grant-awarding foundations, etc.). Passwords and other sensitive information can be used to steal your identity. In addition to identity theft, sensitive personal information can be used to compromise University systems. It is more than likely that emails with such links are forged and are fraudulent attempts to steal your account and personal information. If you feel a University account has been compromised, please contact University Police.