What is Internet Fraud?
Internet fraud is a serious problem that you will face both at work and at home. Criminals use a variety of methods to try to obtain sensitive information such as your CWID and password, Social Security Number, and credit card information, which can then be used to cause data breaches and perpetrate identity theft and other nefarious and illegal behavior.
The methods used to perpetrate Internet fraud are constantly evolving, so it is important for you to educate yourself and others on how to protect your sensitive information. The Cornell University security group has published a site that goes into detail on these main points:
- Don't fall for phishing
- Don't click on email web links
- Watch out for scams trying to steal your money
How can I tell if an email is fake?
- The email ends up in your Spam folder.
  - Do not click on any links or respond to any suspicious emails that are automatically filtered by ITS to your email spam folder.
- The message is from a suspicious email address, or contains strange content.
  - If you don’t recognize the sender or see [EXTERNAL] in the message subject, you should treat it with suspicion. However, be warned that phishing scams can even "spoof," or impersonate, a colleague's WCM address, making odd requests for information, like financial data. Even if the message comes from someone you know or interact with regularly, report any suspicious content to ITS. We can verify the authenticity of the message if you select the email in your inbox and click the Report Email to ITS Security button in Outlook.
- The message content does not follow ITS format or is poorly written.
  - ITS emails follow a specific format and will rarely deviate from it. For example, any official announcement from ITS typically contains the following items: Who is this message for? What is changing? How will this affect you? and Questions? Feedback? Likewise, if there are multiple grammar errors, misspellings and other errors that look suspicious, it is probably a fraudulent email.
- The message asks for personal or confidential information.
  - A dead giveaway is if the message contains what appears to be an urgent message and asks for your CWID, password, credit card number, or other confidential information. ITS will never ask for these things in an email message or web form, and does not shut off IT services if you withhold this type of information.
- You're asked to click on suspicious links, open attachments, or are being persuaded to take action.
  - On a laptop or desktop, a good tip is to hover your cursor over a link and see whether the URL looks legitimate. Be wary of suspicious or unfamiliar domains that don’t end with .com, .org, or .edu, to name a few. If you get an email at WCM from an external sender, you'll notice that URLs are rewritten by our Proofpoint security system to hopefully protect you in the event you accidentally click on a malicious link. Still, that doesn't mean you should click on a link if it looks suspicious. By clicking a malicious link, you may be directed to a site that looks like a WCM login page asking for credentials, malware could be downloaded to your computer, or you may be prompted to download a file (always click No). Also, never open attachments with strange file names or extensions (like .exe), or attachments that were unexpected. Always verify links and attachments with ITS if you have any doubts about their authenticity.
The Cornell University security site has a "phish bowl" with examples of phishing emails.
Can I report a suspicious email to ITS?
Yes, and please report them often! ITS Security is happy to investigate. Report suspicious emails by clicking the Report Email to ITS Security button in Outlook (including the Outlook mobile app). ITS will review your submission and send an email back to you confirming whether or not the email is malicious. Note that anyone at the college is subject to phishing, so if you are even remotely suspicious of an email, it's best to err on the side of caution and report it to ITS for further investigation.
What if I already clicked links in a suspicious email?
If you clicked on a link in a suspicious email, close your browser immediately. Do not open any files if you downloaded them from the link. Report the message and the incident to the Service Desk right away. If you attempted to log in to a site that you thought was authentic and it looks suspicious, you should immediately change your account password, or call the Service Desk at 212-746-4878 for assistance.
Download our phishing flyers
Keep one of our phishing flyers at your desk by downloading and printing it.