Date Released: 12/08/2021

Hello All:

Please proceed with caution if you receive an email with an attachment or a link to any University login page claiming to have information about COVID-19. Multiple Universities have been targeted in this way of late with themes and subject lines indicating that the University is sending you information regarding a COVID-19 variant like Omicron or your COVID-19 test results, when the actual goal is to steal your login credentials or infect your computer with a virus.

There will oftentimes be a harmful attachment or a link to a website that looks exactly like a University, Microsoft, or Google login page. They may also present an imitation Duo prompt to fool you into typing in your Duo passcode in an attempt to bypass two-factor authentication. Please read more about this threat and see screenshots of examples in this article.

What can you do about it if you receive one of these emails?

1. Always verify that an email is legitimate prior to clicking on a link or opening an attachment by reviewing any potential red flags or checking directly with the sender through previously established communication channels. Check the Stronger Together website for the latest University COVID-19 guidance.

2. Forward suspicious emails to phishbowl@stonybrook.edu.

3. Flag the message as phishing. The method for doing so varies slightly depending upon what email system you are on. If using Google, it’s as easy as pressing the three dots next to the reply button and choosing “Report Phishing.” 

If you fall victim to one of these scams, do not panic. Instead, immediately change your NetID password and open a ticket for further assistance via https://service.stonybrook.edu.