2021-06-01 - Warning regarding email with subject "Notification May 29, 2021 09:37:33 PM UTC -04:00"

Hi all,

I'm writing to warn about a fraudulent email that was went out over the weekend.  Since it went out over not just a weekend - but a long weekend, it's a longer delay than normal before we were able to act and send a warning about this.

I've attached a screenshot of the message below.  First off - of you received this and clicked the link - you would have been brought to a login page that asked for your New Paltz username & password.  If you provided that there - you've given out your username & password to cybercriminals.  If you did this (or if you aren't sure if you responded to it) you should change your password via the "Change Password" link at the top right of my.newpaltz.edu.

With that aside - as usual I'd like to show some red flags in the message that you should look for to recognize this or similar messages as fraudulent.

1. The '.fl' at the end of the from address indicates the domain name is from Finland.  Whenever you see a two letter code at the end of the domain name - it indicates a country domain.  Aside from .us - these are foreign country domain names.  If you don't do business or research internationally, most people will not receive emails from foreign domains.  
2. The "1 New Message - Click here to read" is an attempt to trick you with curiosity.  Curiosity, desire, and fear are the most common psychological triggers that cybercriminals use to get you to open their emails.  A real email would have at least some bare minimum description of what the message is about and what company/organization is sending it.  The lack of this - may make a person curious - but curiosity can be dangerous!
3. As always - you should hover over (but not click on) the destination link before clicking on it.  In the screenshot below - I've done so and highlighted the destination domain at the bottom.  Though it has my email address in the destination page - that is only so the criminals can track who is clicking on their links.  As with the from address - the destination link is another foreign address - in this case to a compromised side in Australia.
4. Copyright © 2021 Newpaltz".  For some reason - scammers LOVE throwing copyright statements in their emails.  Seeing such in an email purporting to be from New Paltz is a HUGE red flag.
5. And of course - the ever present caution banner on external messages.  I know some believe this is counter productive since it is on EVERY external message and you can get numb to it - but at the very least you should try to keep an eye on it before clicking on a link.

Thank you as always to the many who reported this to us!