In our ever-evolving digital world, mastering the ability to discern and handle suspicious emails is vital. The rise of sophisticated cyber threats emphasizes the need for a proactive approach to protect your personal information. Recognizing and avoiding not only phishing scams but also spam is a key step in fortifying your defenses against potential hacks. Stay informed and empowered by learning to identify and steer clear of these digital pitfalls, ensuring a safer online experience.
Spotting Tricks: Phishing and Spam
Phishing/Spam Information
Phishing
Phishing is an attempt by hackers to obtain your personal information (e.g., your account username and password, credit/debit card number, home address, Social Security number, or date of birth). That information can then be used for identity theft and other illegal activities.
Phishing is often done via email. Typically, you receive a message disguised as legitimate correspondence from an individual you know, from a bank or other financial institution, or from another type of business—often with a phony logo that looks official. The email message usually includes a link to a webpage where you will be asked to enter personal data. If you supply the data, the hackers can use that information to gain access to your accounts and commit crimes. The linked webpage may also download malicious code, such as viruses or spyware, onto your computer.
Spam
Spam is unsolicited commercial email. It is annoying and often includes a sham offer that will cost you time and money. You should take steps to limit the amount of spam you receive, and treat spam the same way you would treat an uninvited telemarketing call.
Most phishing scams can be avoided by following these basic principles:
- Treat ALL LINKS as if they are suspicious. (Links include web addresses and URLs.)
- Log in with your NetID at official Hunter College sites and your “MYHUNTER” account ONLY.
- ONLY change your NetID password through the Hunter College NetID website.
- NEVER provide your password or other sensitive information in an email message.
- You are responsible for your Hunter NetID. Do not share your password with anyone for any reason.
- Email is not a secure way to send out personal information. All email messages can be intercepted when sent, and email messages are not encrypted or protected by default.
- If an attacker gains access to your email account, all of the sensitive information stored there will be accessible to the attacker.
- Be suspicious of these kinds of messages:
- Messages urging you to “take immediate action.” Often the message communicates a sense of urgency and/or a threat that if you don’t take action, your account will be shut down.
- Claims that your email inbox is full or near its quota and needs to be upgraded.
- Claims that you must log in to trigger security features or other services.
- Legitimate email from Hunter College will NEVER ask you to click on a link to change your password or ask you for your password or other personal information.
If you receive a phishing or spam email, mark it as spam and delete it.
Phishing/Spam FAQs
Many email messages are sent with web-formatting HTML code behind the text. This is done in order to include web links, and to display images and use other special formats. However, web links can be deceiving. A phishing message often masks a malicious site on what looks like an official Hunter College page. A text link that reads as a link to one site but leads to a different named site should be treated as highly suspicious.
For these reasons, you should never automatically trust what you see in email messages.
If you are using a desktop or laptop with a mouse, you can ‘hover’ the mouse cursor over the link to display the link’s true destination (which typically displays in the bottom-left corner of the screen, or in a pop-up box near where the cursor is “hovering”).
Try this: If you ‘hover’ over the following email address link you will notice that the information displayed (the link’s true destination) doesn’t match the email address, webmaster@hunter.cuny.edu.
There is a mistaken belief that if an email says it is from a particular address, like webmaster@hunter.cuny.edu, it must actually be from that address. The unfortunate reality is that the “from” field can be easily faked to impersonate any address, account, organization or individual. This is commonly referred to as “spoofing.”
An email that says it is from Hunter may contradictorily include in the “from” field, a non-Hunter email address (one that doesn’t end in “@hunter.cuny.edu”). This is an instant indicator that Hunter DID NOT send the message, and you SHOULD NOT respond. Also keep in mind that even the email address included in the “from” field can be falsified to read as a Hunter email address.
If you are not sure about an email message’s legitimacy, first check our previously reported phishing/spam page (you may not be the first one to receive the message and it may have already been reported to the Help Desk). If the email is not on the list, please forward the original phishing/spam email to helpdesk@hunter.cuny.edu.
I received an email from “Hunter Webmail administrator” or a similar sender saying I need to update my account by providing my login ID and password, and that if I don’t, my account will be terminated. Is this a legitimate message?
No. Hunter or CUNY will NEVER send an email requesting your login ID and password. Please check our previously reported phishing/spam page, where we list phishing/spam emails received by Hunter users. If the message you received is not yet on the list, please forward it to helpdesk@hunter.cuny.edu. We will block all replies to the message and post it as a caution to others.
If you suspect someone has access to your account, or that your account has been compromised in another way, you should change your NetID password.
Look for any changes in your email and the other services you use under your NetID. Notify accounts@hunter.cuny.edu if anything looks suspicious.
The alert is NOT legitimate if it asks you to confirm your identity or provide confidential/personal information via email, including but not limited to your login information. Despite widespread warnings and awareness about such threats and dangers, spammers and hackers still use the method of sending attachments or links that wreak havoc when clicked on. For this reason, you should NEVER open an unrecognizable attachment or use a link to an unfamiliar website. If you are unsure about the legitimacy of a particular message, first check Hunter’s previously reported phishing/spam page. If the suspicious email has not been reported, forward it to helpdesk@hunter.cuny.edu.
Regardless of the kind of information you provided to the fraudulent sender, your account may be compromised. Go to NetID Central and reset your password immediately. Contact helpdesk@hunter.cuny.edu if you need additional assistance. If need be, ICIT can invalidate your old account.