Main content

Beware Phishing Email Scams

How to Avoid Phishing Scams

Are you in the Office? I need you to do something...”  is the lead in to a common scam - and they are at it again. The Phisher uses a display name and a fake email address, and sends this starter message to someone’s subordinates. Since everyone wants to keep their boss happy, some people are fooled into responding “what is it you need?“  The phisher usually asks you to purchase some gift cards for an important client or something like that.  Don’t fall for it. 


Phishing kicks into high geat at colleges at this time of year. Please keep an eye out for anything unusual, and ask for confirmation if anything looks odd. Look for the actual “From” address in email messages, lookout for fake login pages, and watch for the domain in websites. 


In the second half of July 2019 over 110 incoming freshmen fell for a fake Linkedin phishing message, and their accounts were used to spam the world. In August 2018 there were 40 faculty and staff who fell for phishing scams. When that happens, Purchase College lands on Spammer lists, and our email to other institutions is all treated as suspect. Cleaning up the reputational damage only happens through good behavior, and is slow and takes time. 


Protect yourself - treat your email like the mailbox outside your front door. Important stuff gets dropped off there, but you take it inside the house for safekeeping. Would you even think about leaving your bank statement or tax returns in the mailbox outside your front door? Of course not - and you should treat your email mailbox the same way. Keep in mind that your email account may also be where your online banking and online shopping accounts are homed. That means that your email can be used to reset those passwords and gain access to those financial accounts - you have to protect your email account.


The security and privacy of our online information is under greater threat than ever before. It is our individual and and our collective responsibility to safeguard personal, private and sensitive information. 


So what can you do?


You may think you are computer-savvy enough that you would never fall for phishing - but don’t kid yourself - so did every one of those unfortunate account holders who did fall for them. The fact is scammers are getting better and better at phishing, and not all are obvious fakes.


All NYS employees must complete mandatory annual security awareness training. SUNY and Purchase College have provided self-paced training for several years. This fall we will be launching a new version of the training from a new vendor that is much better than the old one - look for an announcement shortly. 


Most importantly, protect yourself by thinking twice before you click.