Jump to Footer

Phishing Leads to Data Breach



April 21, 2016

A recent article published by WCAX News described a fraudulent email message to the town of Essex, VT. By impersonating a town official, the sender was able to convince town staff to send them the payroll records for all town employees.

Known as “phishing” scams, these attacks are now all too common. They seek to acquire sensitive information for malicious reasons by masquerading as a trustworthy entity.

Phishing attacks can be very difficult to recognize. After all, they are carefully crafted to trick us. We as individuals—and as members of the SUNY Plattsburgh community—could be targeted at any time.

The bad news is that, should our college ever fall victim to a serious attack of this nature, the damage could be devastating, both financially and to our reputation.

The good news is that there are ways we can all stay alert to defending the college’s and our own sensitive information. Below are some safety practices:

  • Never send sensitive information over email. A good rule of thumb is, if you wouldn’t put it on a postcard, don’t put it in an email.
  • Always keep account passwords private.
  • Don’t reply to emails asking for personal or financial information. Legitimate companies you are already doing business with do not ask for personal or financial information via email.
  • Never click links within emails that ask for personal or financial information. Hackers can retrieve information from your computer in various ways, including accessing stored information and monitoring keystrokes.
  • Avoid cutting and pasting links from an email message into a new browser window. Many people think this will help them determine if a website is legitimate; however, phishers can make links appear as if they go to a legitimate site while sending you to another website that they control.
  • Never call unfamiliar company phone numbers listed in an email. A common scam asks you to call the phone number listed in the email to update your account information. Sophisticated technology can mask an area code and divert the call to anywhere.
  • Be wary of emails that seem urgent. Phishing emails often state that immediate action is required to tempt you to respond without thinking.
  • Pay close attention to the web address if you choose to access a company’s website through an email link. Some phishers register domain names that look similar to the legitimate domain name of a company. If there is any doubt, open a new browser window and type the web address yourself.

As always, if you have concerns or questions about emails that you receive, call the regular campus Helpdesk number at 564-4433 for assistance.

Read More

  1. WCAX News: Essex police investigate data breach. Retrieved April 21, 2016.
  2. SUNY Plattsburgh Information Security: Phishing
Back to top