Content (16)
PhishAlarm made its public debut in Cornell Outlook email clients in March 2024, making it easier to report suspicious messages to the IT Security Office and remove these messages from the email client.
Since the PhishAlarm feature was introduced earlier this year, more than 6,000 potential threats have been reported. This number is only expected to rise as generative AI is making it easier than ever for hackers to automate their scams and make their attempts look less suspicious. The more…
The Cornell University community is encouraged to be on high alert for suspicious emails, calls, and in-person contacts purporting to be a vendor working on the widespread Windows outage related to a CrowdStrike bug.
Be aware that bad actors are currently taking advantage of the widespread outage…
Simulations are used to train astronauts and health care workers, so why not faculty and staff faced with stressful decisions? New phishing simulations to be run quarterly by the Cornell IT Security Office have been designed to help faculty, staff, researchers, and other employees more easily…
Phishing and other kinds of fraudulent or deceptive outreach efforts are ramping up in terms of frequency and stealth at Cornell. So the IT Security Office is working to help the community learn to better identify and report suspicious email.
For years, Cornell community members have continually helped strengthen the layers of security protecting the university's digital resources by forwarding suspicious email messages to the IT Security Office. To make it even easier for customers to notify us of potential threats, we are introducing…
“Whaling” is a sophisticated form of phishing that targets an organization's top leaders. It uses clever social engineering and generative artificial intelligence to look like it’s from people you know and trust -- the president, provost, vice provosts, vice presidents, or deans.Cornell's leaders…
Watch out for fake job offers. Scammers are contacting Cornell students, pretending to be professors offering part-time research and administrative jobs. Students who apply end up losing their own money through fraudulent banking transactions.
Be suspicious if a listing:
Asks for your bank…
Phishing scams are more common now than ever before and have evolved well beyond the insincere pleas of imaginary displaced royalty hoping you’ll open a bank account for them. These days you may find that you receive a spoofed email, seemingly from your boss, asking you to purchase gift cards for…
Avoid getting "hooked" before you get to campusDepartments and organizations with legitimate job opportunities for students will not ask for your personal information in order to send you a job description.
Help fight phishing and scams. Cybercriminals have increased their efforts both during the holidays and around the ongoing pandemic.
Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else. Practice extra caution:
Confirm the SourceVerify that the message is coming from the person's real email address. In email readers and devices that do not display the actual address, hover over the Sender’s name to reveal what follows the @ symbol. Scammers frequently attach a real person's name to a fraudulent email…
It is easy to fake what appears in the From or Reply-to line of an email message. Check the message headers to discover the message's real origin. Message headers are the material that comes before the body of a message.Quick CheckSometimes information in the headers contradicts the From line. For…
Beware of unexpected Duo (Two-Step Login) prompts. Ignore them unless you’re sure you requested them. If you are unexpectedly prompted to use Duo in a way you normally don’t, ignore it and contact the IT Security Office. For example, if you usually use your smartphone’s Duo app, but…
Scammers are following the headlines and taking advantage of fears surrounding the novel coronavirus (COVID-19). Stay informed and alert to avoid these and other targeted scams.