More Information

Protecting Your Personal Information Through E-mail

December 5, 2018

We would like to take this opportunity to remind the University community about the important role each of you play in helping to keep your information and University data safe.

Many of you have heard the term "phishing," which is a type of attack that uses e-mail to bait users into giving up their passwords to accounts or obtaining any personal information, such as bank account numbers and credit cards. Typically, these e-mails attempt to trick you into taking an action, such as clicking on a link, opening an attachment, or completing a form.  Cyber attackers send thousands of these e-mails in the hope that someone will fall for the scheme.

Please be aware of these type of actions and be judicious when working in e-mail. When opening and responding to e-mail, look for the following clues to prevent you from becoming victim to these phishing scams:

  • A message that is directed to "Dear Employee" or some other generic greeting.
  • Any message with a strong sense of urgency.
  • Messages claiming to be from an official organization, such as your bank, but have grammar or spelling mistakes, or the e-mail comes from a personal e-mail account, such as
  • Messages where the "From" e-mail address is an official organization, but the "Reply-To" address is another e-mail account.
  • Any message requesting highly sensitive information, such as your credit card number or password.
  • You receive a message from someone you know, but the tone or message just does not sound like them.

In addition, before clicking on a link, hover your mouse cursor over it. This will display the link's true destination, so that you can confirm if you are being directed to a legitimate website. On many mobile devices, pressing and holding the link will also show you the true destination. Alternatively, instead of clicking on the link, type the website's address directly into your browser (e.g., if you get an e-mail from your bank asking you to update account details, go to your bank's website and log in as usual).

If you have any questions, or are unsure about a particular e-mail, please contact the Office of Information Technology (IT) Service Desk at 718-990-5000 (x5000). Remember that the IT Service Desk will never ask for your password or credentials and that your password should not be written down or shared with others.

Thank you for your continued vigilance in keeping both the University’s and your personal IT environment and information assets as safe and secure as possible.