Email Scam Alert
BCC’s IT department asks everyone to be aware that there are fraudulent emails being sent to students about taxes.
The emails use subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment“, which tell victims to click on a link to claim a refunds. When they do, it redirects them to an fake IRS website that asks for sensitive information, such as first name and last name, date of birth, address, Social Security number, annual gross income, driver’s license number and Electronic Filing PIN among others. This information may be used to deceptively obtain tax refunds, commit identity theft, etc.
If you see such a suspicious email, do NOT click on any of the links. Instead, forward the original email to firstname.lastname@example.org.
If you believe you are a victim of an online scam or malware campaign, please report it to the BCC IT Service Desk (email@example.com, 718.289.5969) or BCC Public Safety (firstname.lastname@example.org). You should also consider the following actions:
- Advise your financial institution immediately of any account information that may have been compromised. Watch for unexplained charges to your account.
- Immediately change any passwords that you might have revealed. If you use the same password for multiple websites make sure to change it for each account, and do not use that same password in the future.
Here are other tips to protect you from scam emails:
- DO remember that official communications should not solicit personal information by email
- DO NOT reply to unexpected or unusual email from any sender.
- DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly
- DO NOT click a link or open an attachment in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser
- DO NOT use the same password for your work account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, perpetrators attempt to use your compromised password to access many online services
For more information regarding security advisories, please visit the CUNY Information Security web page.