Cornell Email Addresses Are Being Faked
It's possible to make any email look trustworthy, because it's really, REALLY easy to fake the "from" address. This means you must practice caution with all emails, no matter who they are from: family, groups you subscribe to, your friends, your boss, airlines, doctors, Cornell's president, etc.
This scam technique is called email spoofing, and it's prevalent everywhere. At Cornell, criminals commonly use NetID@cornell.edu emails to spoof "from" addresses and increase the odds that you'll:
- See an email that appears to be from someone at Cornell.
- Let your guard down, and get sucked in by the message.
- Click a malicious link, and type your NetID password into a spoofed WEBPAGE.
When someone steals a Cornellian's password, they're doing it to sign in and snoop around undetected on Cornell systems. They can STEAL ANY DATA the Cornellian has access to, until we realize something is wrong.
Cornell's email team isn't seeing a pattern to whose addresses are being used to spoof—it seems random. They are taking steps to make it harder to spoof Cornell email addresses, but there currently is no reasonable way to entirely prevent this behavior. Community awareness is our best defense.
This is just another phishing technique. Practice extra caution:
- Whenever the subject prompts you to act quickly (using words like important, please respond, or threats to close an account)
- If you aren't expecting something from the person
- With ALL links and attachments—never click or open them unless you're 100% sure they're legitimate
Spoofed messages often direct people to malware sites. If you have any doubt about whether the email is legitimate, confirm the source before you click.
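For readers who can view a message's full headers, one way to check the source is to compare the visible "from" address with the headers the mail servers recorded. This is an added example, not Cornell's own tooling; the sample message is constructed, and it assumes your receiving mail server adds an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email): the visible From claims cornell.edu,
# but the envelope sender, reply address and DMARC verdict do not agree.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=cornell.edu
From: "Cornell IT" <netid@cornell.edu>
Reply-To: helpdesk@example.net
To: someone@cornell.edu
Subject: Important: please respond

Please sign in to keep your account.
"""

def domain(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List reasons to distrust the From address of a raw message."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # Return-Path is the envelope sender; Reply-To is where answers go.
    # A mismatch is a warning sign, not proof: mailing lists and bulk
    # senders legitimately use other domains here.
    for name in ("Return-Path", "Reply-To"):
        dom = domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results written by your own mail server;
    # a sender can include a forged copy of this header.
    results = " ".join(msg.get_all("Authentication-Results", []))
    match = re.search(r"\bdmarc=(\w+)", results)
    verdict = match.group(1).lower() if match else "missing"
    if verdict != "pass":
        findings.append(f"DMARC result is {verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("WARNING:", finding)
```

An empty result does not prove a message is safe; it only means these particular checks found nothing.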
Report immediately if you believe you were tricked into clicking a potentially dangerous link or attachment. Contact Cornell's IT Security Office: email@example.com
Watch Essentials to Avoid Online Scams, a 7-minute Cornell video, for how to spot fraudulent emails and outsmart the criminals.