Cornell Email Addresses are Being Faked
This article applies to: Security & Policy
Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else. Practice extra caution:
- Whenever the subject prompts you to act quickly (using words like "important" or "please respond," or threatening to close an account).
- If you aren't expecting something from the person.
- With ALL links and attachments—never click or open them unless you're 100% sure they're legitimate.
Spoofed messages often direct people to malware sites. If you have any doubt about whether the email is legitimate, confirm the source before you click.
How Spoofing Happens
It's possible to make any email look trustworthy because it's really, REALLY easy to fake the "from" address.
Anyone anywhere can set up an email server and make it look like mail being sent from it is coming from any email address they want, including yours. When spoofing occurs, it is happening on systems completely out of Cornell’s control.
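Because the visible "from" address proves nothing by itself, the message's full headers are where to look for evidence. The following is an added example, not Cornell's code: it flags a message whose "from" domain is not backed by the sending system. The sample message, host names and addresses are constructed, and it assumes the receiving mail server recorded SPF, DKIM and DMARC verdicts in an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message (not real mail); hosts and addresses are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=cornell.edu
From: "IT Service Desk" <netid@cornell.edu>
To: someone@cornell.edu
Subject: Important: your account will be closed

Please respond today.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def spoof_indicators(raw):
    """List reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    verdicts = auth_results(msg)
    reasons = []
    if env_dom and env_dom != from_dom:
        reasons.append(f"From domain {from_dom} differs from envelope sender domain {env_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            reasons.append(f"{method} result is {verdicts.get(method, 'missing')}")
    return reasons

if __name__ == "__main__":
    for reason in spoof_indicators(SAMPLE):
        print("WARNING:", reason)
```

Only trust an Authentication-Results header that your own receiving mail server added, since a sender can insert a fake one. A domain mismatch alone also occurs with legitimate mailing lists, so treat it as a reason to confirm the source rather than as proof.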
Be On Guard
This means you must practice caution with all emails, no matter who they are from—family, groups you subscribe to, your friends, your boss, airlines, doctors, Cornell's president, etc.
Email spoofing is prevalent everywhere. At Cornell, scammers commonly use NetID@cornell.edu emails to spoof "from" addresses and increase the odds that you'll see a Cornell NetID, let your guard down, and then type your NetID password into a spoofed web page.
Why Spoofing Is Used
When someone steals a Cornellian's password, they're doing it to sign in and snoop around undetected on Cornell systems. They can steal any data the Cornellian has access to until you realize something is wrong.
Cornell's email team isn't seeing a pattern to whose addresses are being used to spoof—it seems random. They are taking steps to make it harder to spoof Cornell email addresses, but there is currently no reasonable way to entirely prevent this behavior. Community awareness is our best defense.
What You Can Do
Report immediately if you believe you were tricked into clicking a potentially dangerous link or attachment. Contact Cornell's IT Security Office at email@example.com.