Starting on Friday, Sept. 13 in the evening, a phishing scam started circulating posing as “SUNY Oswego IT Administration” coming from various SUNY Oswego email addresses.
The following are the characteristics of the email:
- It has a subject containing: “Urgent: Verify Your School Portal Login Credentials”
- The greeting starts off as “Dear Student”
- The first paragraph of the message starts with: “SUNY Oswego Admin has detected irregular activity with your School portal login credentials, particularly with the Office 365 system.”
- The second paragraph asks to verify your account by clicking on a link to a Google Doc.
- The message is signed by “SUNY Oswego IT Administration”
In addition to email, text messages with similar content are being sent.
- The content of the text messages mention suspension of your account if you don’t reply in 24 hours.
- It is also signed by “SUNY Oswego Admin.”
- It may also ask you to open up Gmail and type in a number, which is the number needed for multi-factor authentication (MFA).
If you received one of these emails or text messages, it is safe to delete it and report it as a phish within Gmail. If you clicked on any links, submitted information into the linked Google Doc, received/replied to the text message to enter a code and/or entered the code, immediately change your password.
If you replied to the email or text message and are suddenly signed out/can't get back into your account, contact Campus Technology Services (CTS) immediately.
In general, emails asking you to provide and/or verify your login credentials, especially “urgent” ones, are a sign of a phishing scam. Unsolicited job offers and the purchase of gift cards are also generally phishing scams.
If you are ever in doubt of whether an email is legitimate, please contact CTS.
Any further information related to this phishing scam, will be posted on the CTS status page.