As the spring semester begins, Campus Technology Services (CTS) has become aware of phishing scams circulating through email and text messages impersonating campus employees and offices. The scams include “urgent” requests to accept unsolicited job offers, to click on links to websites asking for passwords, fraudulent Paypal and Venmo money requests, and to purchase gift cards.
If you are not sure if an email is legitimate, please contact the CTS Help Desk so we can help you determine if you should respond to it.
Here are some tips to help determine if an email is legitimate:
Verify who the email came from and all links in the message body:
Always check the From: address in the email. Don’t just check the name, though, click on the down arrow in Gmail to look at the actual email address. Some emails will show up as legitimate names, but when you look at the actual email address, it’s not from where you would expect it to be from.
Note: All official communications from the campus should come from an email address that ends in @oswego.edu.
Call the person or office the message is said to be from, asking if they sent it to you. Don’t use any email addresses or phone numbers referenced in the email. Use our PeopleSearch directory to find official campus phone numbers and email addresses.
On computers, hover over links before clicking on them to make sure they are legitimate. When you hover over the link, the web address the link goes to will display at the bottom of your Gmail window. On mobile devices, long-press a link to review the address.
- Hesitate on gift card purchases, unsolicited money requests, unsolicited job offers and sites that ask for a password.
Hesitate when you are being offered an unsolicited job through email. There are many scams going around to students offering a job. After some correspondence back and forth, they will eventually start asking for your bank account or money for reimbursement expenses. Do not give that out and cease all communications.
Hesitate when someone is asking you to buy a gift card. Even if you receive an email or phone call from “someone you know,” call the person and verify it with them.
Hesitate when you are sent unsolicited money requests from Paypal or Venmo, especially if the notes in the request are claiming you owe money or a charge is being placed on your account. Do not contact any email addresses or phone numbers in the request as they may not lead to legitimate support.
Hesitate when entering a password on any website. Double-check the web address to make sure it's a legitimate site. Your password should never be asked for on a Google form.
Hesitate when an email has a sense of urgency where if you don’t respond right away your account will be locked.
In general:
- Never give out private information like bank accounts, social security numbers, credit card numbers, usernames, passwords, multi-factor authentication (MFA) verification codes, etc.
- Don’t respond to emails in your “Spam” or “Junk” folder.
- No employee or office with SUNY Oswego will ask for your password or MFA verification codes.
- If you’ve identified a phish, help Google block it by reporting it.
Official campus employment:
- Student internships and student jobs are only advertised via Handshake.
- Employee jobs are available through the Human Resources Interview Exchange.
If you have responded to a phishing scam, change your password immediately, and contact CTS.
More information is available from Google’s “Avoid and Report Phishing emails.”
–
Campus Technology Services
help@oswego.edu | 315.312.3456 | 26 Lanigan Hall