Skip to main content Skip to footer content

Phishing Email Scams


Phishing Email Scams

What Is Phishing

Phishing is a form of social engineering that uses email or websites to pose as a trustworthy organization in order to access your data. Scammers or hackers will try and pose as an organization you trust in order to trick you into giving them sensitive data like a username, password, social security number or credit card information.

  Phishing Email Example


Red Flags

Be aware of these red flags of common scams when responding to emails:

  • Copycat and fake websites pose as legitimate ones to capture personal and financial information
  • E-cards, unexpected “gifts” and job offers (“secret shopper”) from unknown senders may contain links that lead to malware
  • Fake advertisements, coupons or shipping notifications may include infected attachments and/or contain links that lead to malware
  • Phishing email messages and fraudulent posts on social networking sites may request support for phony causes or offer “too good to be true” deals on merchandise
  • Security or “fix or tune up your PC” software offered as an unexpected pop-up ad
  • Secret Shopper” scam. This is something that is prevalent and has impacted a lot of students recently. CUNY provides an overview of this type of fraud. 


How to Avoid Phishing Scams

To avoid such phishing scams that could result in a security breach, identity theft or financial loss:

  • Approach all unsolicited offers and communications with skepticism and caution
  • Do not follow unsolicited links or download attachments from unknown sources
  • Always compare a link in an email to the link you are actually directed to and determine if it matches and will lead you to a legitimate site
  • Turn on enhanced account authentication features that use a companion mobile app to verify account activity or text unique verification codes to your mobile device
  • View online shopping safety tips by the Department of Homeland Security, the National Cyber Security Alliance and the Federal Trade Commission


Victim of Phishing Scams

If you believe you are a victim of an online scam or malware campaign, please report it and consider the following actions:  

  • If you are a victim or have received a suspicious email, please contact Public Safety at 718-368- 5069 or call the Office of Student Affairs at 718-368-5563. 
  • Advise your financial institution immediately of any account information that may have been compromised. Watch for unexplained charges to your account
  • Immediately change any passwords that you might have revealed. If you used the same password for multiple websites, make sure to change it for each account, and do not use that same password in the future.