Phishing Resources
What is Phishing?
Phishing, according to the NIST Computer Security Resource Center, is a technique for attempting to acquire sensitive data by using authentic-looking but bogus emails to request information from users or direct them to a fake website that requests information.
Responding to phishing scams (by entering information, clicking links, or downloading files) can lead to malware infections, data theft, and security breaches. These scams can appear in many forms, including emails, fake websites, pop-ups, ads, social media messages, and even fake tech support calls.
How to Detect Phishing Emails
Check the Sender's Email Address: Verify that the sender's email address is legitimate. Be cautious of email addresses that are misspelled or have unusual domain names.
Look for Unexpected Emails: Be cautious of emails that you weren't expecting or that seem out of context. Spoofed emails may appear to come from familiar contacts or organizations.
Look for Generic Greetings: Phishing emails often use generic greetings like "Dear Customer" instead of addressing you by name. Legitimate organizations usually personalize their emails.
Check for Spelling and Grammar Mistakes: Phishing emails often contain spelling and grammar errors. Legitimate organizations typically proofread their communications carefully.
Avoid Providing Personal Information: Legitimate organizations rarely ask for sensitive information like passwords or Social Security numbers via email. Be wary of emails requesting such information.
Beware of Urgency or Threats: Phishing emails often create a sense of urgency or include threats to prompt you to take immediate action. Be skeptical of emails that claim your account will be closed or suspended unless you act quickly.
Examine Attachments Carefully: Avoid opening attachments from unknown or suspicious sources. Phishing emails may contain malicious attachments that can infect your computer with malware.
Check for Authenticity: If you're unsure about the legitimacy of an email, contact the sender directly using official contact information from their website or other trusted sources to verify the email's authenticity.
Difference Between Phishing and Spam
Phishing: email sent from an Internet criminal disguised as an email from a legitimate, trustworthy source. The message is meant to lure you into revealing sensitive or confidential information.
Spam: unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list.
Phishing at SJNY
Here is an example of a real phishing email received by employees and students at SJNY:
Phishing emails will often try to trick you into believing they are coming from a trusted source.
Take note of the sender name, poor grammar/format, and overall unprofessionalism of an email claiming to be from SJNY.
What To Do if You Suspect a Phishing Email
Please click the "Report Phishing" button located next to the "Reply" button under the "More" menu (3-dot icon).
If you suspect that you have received a phishing email, please also report it by contacting the ITS Help Desk. This will help us remove the email from our system and take action against the sender to prevent future phishing attacks.
ITS Help Desk Contact Information:
Web: techhelp.sjny.edu
Email: techhelp@sjny.edu
Phone: (718) 940-TECH