Phishing identification and password change tips

As part of National Cybersecurity Awareness Month (NCSAM), Campus Technology Services (CTS) is focusing this week on phishing identification to help protect the campus community. Phishing attacks continue to be a serious threat, and one of the most common forms targets users through deceptive emails and text messages. Here’s how you can spot phishing attempts:

Phishing identification tips:

Suspicious subject lines or greetings
Be cautious of any emails or texts using generic greetings like "Dear Student" or urgent subject lines asking you to verify your credentials.

• “SUNY Oswego IT Administration” is not a signature  CTS uses.

Check the email address and domain

• Email address: Be cautious of slight misspellings in the domain (e.g., Oswego.net vs. Oswego.edu). Hackers may create convincing but slightly altered email addresses.
• Reply-to address: Sometimes, the "from" address looks legitimate, but the "reply-to" is suspicious. Always check this carefully.

Unexpected links or attachments
Phishing emails often include suspicious links to external sites like Google Docs or unexpected attachments. Always hover over links before clicking. Be wary of attachments with extensions like .exe, .scr, or .zip, especially if unexpected.

False claims of account issues
Emails or texts that claim irregular account activity and urge you to act quickly to avoid suspension are red flags.

Request for personal information
Legitimate organizations will never ask you to provide login credentials, multi-factor authentication (MFA) codes, payment details or Personally Identifying Information (PII) such as social security number via email or text. 

Poor grammar or unnatural language
While AI can write well, mistakes in context or subtle wording errors may reveal a phishing attempt.

Inconsistent email or phone numbers
Phishing messages may come from addresses or phone numbers that don’t match official SUNY Oswego communication channels. Research the department or person who sent the email. Even if it comes from a SUNY Oswego email address, be sure you were expecting the email and verify the sender if you are not sure.

Browser security
Phishing messages may come through browser notifications. Many modern browsers warn against phishing websites which are most likely misspelled versions of websites you visit every day. 

• Keep your browser updated and only allow pop-ups from sites you recognize. 
• Do not click on any links from pop-ups advising you to update your antivirus or upgrade your Microsoft 365 account.

Enable 2-step verification
2-step verification ensures your account is secure in the event your password is compromised and is required for all SUNY Oswego active accounts.

• SUNY Oswego email: Google 2-Step Verification
• Microsoft account logins: Microsoft 2-Step Verification

What to do if you receive a phishing message:

• Delete the email or text message and report it as phishing within Gmail.
• Do not click any links or enter any personal information.
• If you’ve clicked a link or submitted information, change your password immediately at oswego.edu/reset and contact CTS to review the account.
• If you see unauthorized 2-step verification codes sent to your devices, contact CTS immediately.
• If you’ve replied to a phishing message and are locked out of your account, contact CTS immediately for assistance by submitting a ticket via email at help@oswego.edu or calling (315) 312-3456 during business hours.

Stay vigilant, and help keep the campus secure by recognizing and reporting phishing attempts!

If you are ever in doubt about whether an email is legitimate, please contact CTS.

Password change tips

Since CTS announced a password change to at least 16 characters on Oct. 1, here is additional information to let you know what happens when you change your password. Your SUNY Oswego password is linked to many SUNY Oswego campus services. Here are a few things to remember when you change your password.

1. Wait one hour before attempting to sign into your computer, internet and accounts. This ensures the password information syncs across all services.
2. Sign in to the SUNY Oswego network with your new password. 
3. Sign in to your SUNY Oswego computer with your new password before you leave campus.
4. Sign in to your SUNY Oswego applications and web portals with your new password.
5. Sign in to the SUNY Oswego O: Drive with your new password. Here are the instructions for Mac and Windows computers.

If you have any trouble accessing SUNY Oswego services after a password change, please contact the CTS Help Desk during business hours.

–

Campus Technology Services
help@oswego.edu | 315.312.3456 | 26 Lanigan Hall