Several faculty in the past day or so have reported seeing messages like the one below (the recipient's name & email address have been redacted).
There are a couple ways to recognize that the message is fraudulent:
- The implied threat of 'if you don't do something, your account will be deactivated" is a frequent clue to a message being fraudulent.
- A from address that has NOTHING to do with SUNY New Paltz.
- Note: Even if the from address was @newpaltz.edu, from addresses can be faked. Not being an @newpaltz.edu address should be treated as evidence of the message being fraudulent, but being an @newpaltz.edu address shouldn't be taken as evidence of legitimacy.
- If you were to hover over the link (in the real email, not in the example image), you would have seen the destination link of the message (either near your cursor, or at the bottom left of the message). Suffice to say, this is 'not' a newpaltz.edu website, despite their being a newpaltz.edu email address in the link.
If you receive a message that you are unsure of the legitimacy of, contact the Service Desk (845-257-HELP) for assistance.