INFORMATION SECURITY: PHISHING

Emergency Actions (You have received or interacted with a phishing scam.)
The Verification Hub (You are suspicious of an email...)
Proactive Protection (Daily Safety)
System Maintenance & Advanced Security (Protect your machine.)
Educational Resources (Want to learn more?)

---

1. Emergency Actions

(You have received or interacted with a phishing scam)

Involved with a phishing scam? Please review below:

Job Scam 

Description: A job scam is when someone pretends to offer you a legitimate job, but their real goal is to steal your money, personal information, or both. They often make the job sound unusually easy, high‑paying, or urgent, then ask you to do things like pay fees, buy equipment and giftcards, share your Social Security number, or deposit suspicious checks.

Immediate Actions:

• • Stop communicating immediately and block the senders involved
  • If funds were lost, contact your bank ASAP
  • If you would like further assistance, forward communications to security@binghamton.edu.

Optional, but recommended actions:

• • If you feel threatened or have lost funds report incident to the University Police Department
  • File an identity theft report at identitytheft.gov if personal data was exposed
  • You can file a complaint at https://www.ic3.gov
  • Monitor your bank accounts and credit.

Login Scam

Description: A university login scam is when someone sends a message that looks like it’s from your school to trick you into entering your username and password on a fake login page. Then they may either prompt you for your mfa code or pose as someone affiliated with the university in an attempt to steal your mfa code.

Immediate actions:

• • Immediately change your password at password.binghamton.edu
  • Block and ignore all communications requesting your mfa code
  • Report the incident to security@binghamton.edu
  • Check your email and account activity for suspicious logins, forwarding rules, or unfamiliar changes.

Malicious Attachment

Description: A malicious attachment scam is when a scammer sends you an email that looks legitimate and includes an attachment (like a PDF, Word doc, or ZIP file) that actually contains malware. When you open it, the file can install harmful software that steals your personal data, hijacks your university account, or infects your device.

Immediate actions:

• • Delete the attachment downloaded
  • Run an antivirus scan on your machine
  • Delete the files or programs identified.

Optional, but recommended actions:

• • Restore machine from backup - Need help?
  • Move necessary files to external storage device or cloud storage and reset your computer.

---

2. The Verification Hub

(The “Phish Tank” and PhishCheck)

• Suspicious of an email you received? - run it through phishcheck.binghamton.edu. Phishcheck is an interactive tool where users can upload a suspicious email to point out indicators of a scam.

• If you want to see the latest scams targeting the university community, visit the Phish Tank, which highlights phishing attempts and other scams that are currently trending.

• Stay Informed & Updated: Follow @binghamtonITS on Instagram for phishing awareness and the latest scam alerts. Review Dateline and B-Line regularly.

---

 3. Proactive Protection

(Daily Safety)

What can you do to remain vigilant? Please review the tips below:

Use Strong, Unique Passwords

• • Don’t reuse the same password for multiple accounts.
  • Use a password manager to generate and store strong passwords.

Turn on Multi-Factor Authentication (MFA)

• • Always enable MFA for university accounts, email, banking, and social platforms.
  • Use an authenticator app instead of SMS when possible, it's more secure.

Slow Down Before Clicking Links

• • Hover over links to check where they actually go.
  • When in doubt, visit the official site directly instead of using the emailed link.

Be Cautious With Attachments

• • Don’t open attachments from unknown senders.
  • Always check the email address from the sender, is it legit?
  • Even if an email looks like it’s from your university, verify if the message feels unexpected or strange.

Keep Track of Authorized Devices

• • Regularly check which devices are logged into your accounts.
  • Remove anything you don’t recognize.

Report Suspicious Activity

Forward suspicious emails or activity to security@binghamton.edu.
Reporting helps protect the entire campus community.

---

4. System Maintenance & Advanced Security

(Protect your machine.)

How can you protect your machine? Please review below:

Keep Your Devices Updated

• • Install macOS, Windows, iOS, or Android updates right away.
  • This updates and fixes security vulnerabilities that attackers actively exploit.

Update Apps & Browsers Regularly

Outdated browsers, plugins, and software are common entry points for malware.

Clean Up Storage

• • Remove unused apps, old downloads, and temporary files.
  • A cleaner system runs faster and reduces the risk of accidentally opening old suspicious files.

Back Up Your Files Regularly

• • Use Time Machine, OneDrive, Google Drive, or an external hard drive.
  • Backups protect your work from ransomware or sudden device failure.

Use a Reputable Antivirus

• • Choose tools your university trusts (e.g., Malwarebytes, Microsoft Defender).
  • Run regular scans on a schedule.

Encrypt Your Device

Most systems are encrypted by default, but verify:

• • MacOS: FileVault enabled
  • Windows: BitLocker (Pro or Enterprise editions)

---

5. Educational Resources 

Want to learn more? To help you stay informed and protect yourself from scams, malware, and online threats, here are trusted, student‑friendly resources you can explore anytime:

Google Phishing Resources

• • Learn how to protect yourself on Gmail
  • To show what you learned feel free to take this phishing quiz:

Cyber Security Basics 

• • Learn about strong passwords, MFA, phishing, and general online safety here 
  • For tips on account security, privacy, and recognizing scams, visit: https://staysafeonline.org .