Calendar of Events
Campus Technology Services

Protect Yourself from Phishing and Texting Scams

Despite improved defenses and ongoing awareness efforts, email phishing scams continue to target the Purchase College community and remains one of the most significant security threats we face. And our best protection against it is you!

How to Protect Yourself

  • Be vigilant: Never share your account credentials and never approve a Duo Multi-Factor Authentication (MFA)request you did not initiate. Purchase College will never ask you for your password.
  • Slow down: Think before you click. Hover overlinks to check the real URL. Be suspicious of emails that create urgency, contain spelling or grammar mistakes, or request financial or sensitive information. Always verify such requests before acting.
  • Watch for text scams (Smishing): Text-based phishing has risen sharply. These attacks use the same tricks as email scams, often directing you to fake forms (Google forms are a common example) or asking you to approve Duo requests.

What To Do If You Suspect Phishing

  • Report it immediately: Use the Report Email Message button in Outlook. This alerts CTS and helps stop the attack. Do not reply to or forward the message.
  • If you think you were compromised:
    • Contact CTS immediately.
    • Change any passwords connected to the compromised information.
    • If the incident occurred at Purchase and you believe real harm was done, contact University Police at (914) 251-6900. Reports must be made in person at Police HQ (Lincoln Avenue underpass by the Library), or you can request an officer meet you on campus. University Police is available 24/7.

    Security Awareness Training

    Purchase requires annual Security Awareness Training through Microsoft Defender for all faculty, staff, and students. If you have not completed your training yet, please do so as soon as possible. (Note: Training is not in the KnowBe4 system.)

    Recent Simulation Results

    In our most recent phishing simulation (Fall 2025) over 170 individuals entered their account credentials. This underscores the importance of staying vigilant and completing training.

    Warning: If your account is phished:

    • Your account will be disabled and you will need to contact the CTS Helpdesk.
    • You will be required to complete additional security training within 3 weeks.
    • Your supervisor will be notified.

    If you need support, please contact the Helpdesk Zoom Tech Support(M-Th 8am-6:45pm; F 8am-4:45pm) or submit a work request.

     

    Thank you for your continued vigilance,

    Ryan Nassisi
    Chief Information Officer & Director
    Campus Technology Services
    Purchase College - SUNY