Not all phishing messages are as targeted (specific to the users/department) as the one I warned about last week.
The message below uses one of the most common phishing tactics. They send a generic message (without reference to the specific organization they are emailing) notifying users about an update - and asking them to click a link to 'run their updates'.
A few points on this:
- If web services need to be updated - ITS may email you to let you know about possible downtime - but we won't be asking you to make updates yourself.
- The sender's name - and the destination link (which are highlighted) have nothing to do with the college.
- The 'confidentiality' statement at the bottom (which is surprisingly bilingual!) is there to make the message appear more legitimate.
Here's a screenshot of this message.
If you had gone to the destination site you would have seen the following - which looks nothing like any login page used by SUNY New Paltz - and has a different college's domain in the address: