A notice was just received from CUNY CIS confirming that the FBI has identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes. In general, the spearphishing emails request students’ login credentials for the University’s internal intranet. The cyber criminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the threat actor’s control.
If you believe you are a victim of an online scam or malware campaign, please report it to IT Services and consider the following actions:
- Advise your financial institution immediately of any account information that may have been compromised.
- Watch for unexplained charges to your account
- Immediately change any passwords that you might have revealed.
- If you used the same password for multiple websites make sure to change it for each account, and do not use that same password in the future
Submitted on: FEB 8, 2019