Campus Technology Services

As the spring semester begins, Campus Technology Services (CTS) wants you to be aware of phishing scams circulating through email and text messages that can impersonate campus employees and offices. The scams include “urgent” requests to accept unsolicited job offers, to click on links to websites asking for passwords, fraudulent Paypal and Venmo money requests, and to purchase gift cards.

If you are not sure if an email is legitimate, please contact the CTS Help Desk so we can help you determine if you should respond to it.

Here are some tips to help determine if an email is legitimate:

Verify who the email came from and all links in the message body:

• Always check the From: address in the email. Don’t just check the name, though, click on the down arrow in Gmail to look at the actual email address. Some emails will show up as legitimate names, but when you look at the actual email address, it’s not from where you would expect it to be from.
  • Note: All official communications from the campus should come from an email address that ends in @oswego.edu.
  • Call the person or office the message is said to be from, asking if they sent it to you. Don’t use any email addresses or phone numbers referenced in the email. Use our PeopleSearch directory to find official campus phone numbers and email addresses.
• On computers, hover over links before clicking on them to make sure they are legitimate. When you hover over the link, the web address the link goes to will display at the bottom of your Gmail window. On mobile devices, long press a link to review the address.

Hesitate on gift card purchases, unsolicited money requests, unsolicited job offers, sites that ask for a password.

• Hesitate when you are being offered an unsolicited job through email. There are many scams going around to students offering a job. After some correspondence back and forth, they will eventually start asking for your bank account or money for reimbursement expenses. Do not give that out and cease all communications.
• Hesitate when someone is asking you to buy a gift card. Even if you receive an email or phone call from “someone you know,” call the person and verify it with them.
• Hesitate when you are sent unsolicited money requests from Paypal or Venmo, especially if the notes in the request are claiming you owe money or a charge is being placed on your account. Do not contact any email addresses or phone numbers in the request as they may not lead to legitimate support.
• Hesitate when entering a password on any website. Double-check the web address to make sure it's a legitimate site. Your password should never be asked for on a Google form.
• Hesitate when an email has a sense of urgency where if you don’t respond right away your account will be locked.

In general:

• Never give out private information like bank accounts, social security numbers, credit card numbers, usernames, passwords, multi-factor authentication (MFA) verification codes, etc.
• Don’t respond to emails in your “Spam” or “Junk” folder.
• No employee or office on our campus will ask for your password or MFA verification codes.
• If you’ve identified a phish, help Google block it by reporting it.

Official campus employment:

• Student internships and student jobs are only advertised via Handshake
• Employee jobs are available through the Human ResourcesInterview Exchange

If you have responded to a phishing scam change your password immediately, and contact CTS

More information is available from Google’s “Avoid and Report Phishing emails article.

During the weekend of Jan. 18 to 19, 2025, Campus Technology Services (CTS) will migrate the Banner student information system to a new off-campus hosting solution managed by SUNY Information Technology Exchange Center (ITEC). This move will help us maintain high security standards while making the best use of on-campus resources. It will also allow the university to adapt to future technology changes easily.

The migration will occur starting Saturday, Jan. 18, at 6 a.m. through noon, Sunday, Jan. 19. During this time, Banner and related systems (listed below) will be unavailable. In partnership with SUNY Student Information and Campus Administrative Systems and ITEC, CTS will work diligently to ensure a smooth transition.

Once the migration is complete, you should not notice any changes to Banner functionality. As a reminder, bookmarks for these systems should be:

Banner admin pages: https://www.oswego.edu/banner

myOswego: https://www.oswego.edu/myoswego

Systems unavailable during the migration:

Banner Admin Pages

Banner Document Management (BDM)

myOswego

Banner Workflow

Argos

Automated Banner and Argos processes and data feeds (including Student Accounts Daily Feed, Slate Application Loads, Financial Aid Batch Disbursement, etc.)

Systems NOT affected by the migration:

DegreeWorks

Brightspace

Slate

If you have any questions or concerns, please contact Eric Goodnough, Assistant Director for Administrative Application Services, at [email protected].  

We’re sending an update on the Google storage quota changes planned for Feb. 17, 2025. Based on feedback from our university community, we have decided to postpone implementing storage quotas for faculty, staff, students, departments, student clubs and organizations, and retirees. Implementation of storage quotas will continue as planned for alumni, with ongoing support for those who may have questions.

Over the past year, the total disk space used has remained relatively stable, thanks to the diligent efforts of many who have removed unneeded files. Although we have postponed quotas for the above-mentioned groups, we ask you to continue removing no longer necessary files. Removing unneeded emails and files will help manage storage efficiently and prepare us for future transitions.

To assist you with these efforts, Campus Technology Services (CTS) is now focusing on strategies to help guide data storage decisions that align with your needs, data types, and SUNY record retention guidelines. In late fall 2025, we will reassess quotas based on usage and campus needs.

Starting in January, we’ll send Oswego Today notices with information on data storage best practices and invite you to participate in workshops during the upcoming CELT-sponsored Winter Breakout sessions. These sessions will cover strategies for managing your storage needs effectively.

If you have questions or concerns about this postponement or your current storage needs, please email the Help Desk at [email protected]. 

Thank you for your ongoing efforts and commitment in this area.

Sean Moriarty

Chief Technology Officer

Campus Technology Services

As part of National Cybersecurity Awareness Month (NCSAM), Campus Technology Services (CTS) is focusing this week on multi-factor authentication (MFA) Fraud.

MFA is an excellent tool used to protect accounts from compromise, but like with passphrases, malicious actors try to find ways to circumvent MFA in an attempt to access accounts. By keeping the following things in mind you can help protect your account from MFA fraud:

1. Don’t share MFA codes: If the MFA method you are using is reliant on entering a code after you first authenticate, only enter the code on the website/app the account is related to. Always verify that you are on the real website or using the services’ official app. If a malicious actor gains access to your current MFA code, they can use it to try and generate more codes that will allow access to your account.
2. Be vigilant with authentication requests: Some MFA methods utilize a push notification to your device that will ask you if you want to approve or deny the request. Always ask yourself why you would be receiving the request. Is this something you are trying to access? If you don’t know why you are receiving the request, always deny it and change your account passphrase immediately as it may be compromised, and report what happened to the CTS Help Desk immediately.
3. Malicious actors will ask for access: If you are ever contacted by someone via email or text message asking you to provide a MFA code or approve a MFA request on your phone immediately, treat it with suspicion. This is a common method malicious actors will use to access your account if they already have your credentials and realize you have MFA enabled. If this happens to you, disengage with the individual contacting you and change your passphrase immediately.

By following these guidelines and tips you can help prevent MFA fraud from happening to you. If you believe you are being targeted by MFA fraud or have provided your MFA information to someone you didn’t recognize, contact CTS immediately for assistance by submitting a ticket via email at [email protected] or calling (315) 312-3456 during business hours.

October is National Cybersecurity Awareness Month (NCSAM)

This year, SUNY Oswego has specific initiatives to help protect your SUNY Oswego account including 16-character passwords and a phishing identification contest.

New 16-character passwords

Passwords with at least 16 characters and a mix of alphanumeric and special characters have become best practice as they are harder to hack. Campus Technology Services (CTS) will require 16-character passwords starting today, Oct. 1.

To get started, visit the CTS account management page. Please make your new SUNY Oswego password different from any other password you use online. Have your password changed by the end of the month, Oct. 31.

Phishing awareness

Starting today, Oct. 1, CTS wants to hear from you on the phishing scams you receive in your inbox.

Google does a great job filtering out many phishing emails, but some do end up coming through. Use one or more of the following ways to participate and you’ll be entered into a contest for one of three $25 College Store gift cards.

Ways to enter the contest:

• Forward a phishing email received in your SUNY Oswego inbox (not the spam folder) to [email protected].
• Take our phishing quiz and see how good you are at identifying harder than usual phishing scams. Send your results to [email protected].
• Take an 8 minute LinkedIn Learning course on Identifying Phishing Attacks and learn how to stay safe online. Let CTS know you completed the course by sending an email to [email protected] with the subject line "Phishing Course Completed".