Campus Technology Services (CTS) will resolve this particular phishing scam incident and be on the lookout for similar ones. Unfortunately, this time of year is a popular time for hackers to target colleges and universities.
Going forward, please continue to contact us if you think you received a phishing scam. While Google does a good job blocking phishing scams, some do get through. By contacting us, we can teach Google to block that one and/or similar ones.
For future reference, no legitimate organization should ever ask you for your login credentials either on the phone, through email, text message, or a document/form. To get you to respond quickly, the communication will most likely include an "urgency" component. It might say your account will be locked or you will lose access to services if you don't respond. However, DO NOT respond. Delete it.
Other examples of popular phishing scams: -a communication (email/text message) offering you a job that you never applied for -a communication (email/text message) impersonating someone you "know" asking you to urgently buy a gift card for them.
If you have responded to any type of phishing scam, it's important to change your password as soon as you find out. Contact CTS as well so we can ensure a hacker is not using your account.
If you are ever in doubt if a message is legitimate, give CTS a call. We'd be happy to help.
We are continuing to monitor the recent phishing scams. As a reminder, if you clicked on any links from the phish, submitted information into the linked Google Doc, received/replied to the text message to enter a code and/or entered the code, immediately change your password.
If you replied to the email or text message and are suddenly signed out/can't get back into your account, contact Campus Technology Services (CTS) immediately.
Starting on Friday, Sept. 13 in the evening, a phishing scam started circulating posing as “SUNY Oswego IT Administration” coming from various SUNY Oswego email addresses.
The following are characteristics of the email:
-Has a subject containing: “Urgent: Verify Your School Portal Login Credentials” -The greeting starts off as “Dear Student” -The first paragraph of the message starts with: “SUNY Oswego Admin has detected irregular activity with your School portal login credentials, particularly with the Office 365 system.” -The second paragraph asks to verify your account by clicking on a link to a Google Doc. -The message is signed by “SUNY Oswego IT Administration”
In addition to email, text messages with similar content are being sent.
-The content of the text messages mention suspension of your account if you don’t reply in 24 hours. -It is also signed by “SUNY Oswego Admin.” -They may also ask you to open up Gmail and type in a number, which is the number needed for multi-factor authentication (MFA).
If you received one of these emails or text messages, it is safe to delete it and report it as a phish within Gmail. If you clicked on any links, submitted information into the linked Google Doc, received/replied to the text message to enter a code and/or entered the code, immediately change your password.
If you replied to the email or text message and are suddenly signed out/can't get back into your account, contact Campus Technology Services (CTS) immediately.
In general, emails asking you to provide and/or verify your login credentials, especially “urgent” ones, are a sign of a phishing scam. Unsolicited job offers and the purchase of gift cards are also generally phishing scams.
If you are ever in doubt of whether an email is legitimate, please contact CTS.