If you recieve a If you received a
email, mark as spam
and delete it. If you're
unsure, check our list
of previously reported
email and it
HAS NOT been
forward it to
If you recieve a
If you received a
It is important to note that legitimate email from Hunter College will NEVER ask you to click on a link to change your password nor ask you for your password or other personal information. You should only change your NetID password by going to the Hunter College website and following the instructions listed at the bottom of this page.
Definitions, Dangers and Advice
Phishing: Phishing is an attempt by hackers to obtain your personal information (e.g., your account username and password, credit/debit card number, home address, Social Security number, or date of birth). That information can then be used for identity theft and other illegal activities.
Phishing is often done via email. Typically, you receive a message disguised as legitimate correspondence from an individual you know, from a bank or other financial institution, or from another type of business – often with a phony logo that looks official. The email message usually includes a link to a webpage where you will be asked to enter personal data. If you supply the data, the hackers can use that information to gain access to your accounts and commit crimes. The linked webpage may also download malicious code, such as viruses or spyware, onto your computer.
Spam: Spam is unsolicited commercial email. It is annoying and often includes a sham offer that will cost you time and money. You should take steps to limit the amount of spam you receive, and treat spam the same way you would treat an uninvited telemarketing call.
Check it before you click it
Most phishing scams can be avoided by following these basic principles:
1. Treat ALL LINKS as if they are suspicious. (Links include Web Addresses and URLs.)
2. Log in with your NetID at official Hunter College sites and your "MYHUNTER" account ONLY.
3. NEVER provide your password or other sensitive information in an email message.
- You are responsible for your Hunter NetID. Do not share your password with anyone for any reason.
- Email is not a secure way to send out personal information. All email messages can be intercepted when sent, and email messages are not encrypted or protected by default.
- If an attacker gains access to your email account, all of the sensitive information stored there will be accessible to the attacker.
4. Be suspicious of these kinds of messages:
- Messages urging you to take Immediate Action. Often the message communicates sense of urgency and/or a threat that if you don't take action, your account will be shut down.
- Claims that your email inbox is full or near its quota and needs to be upgraded.
- Claims that you must log in to trigger security features or other services.
What do you mean by "treat all links as suspicious?"
Many email messages are sent with Web-formatting HTML code behind the text. This is done in order to include web links, and to display images and use other special formats. However, Web links can be deceiving. A phishing message often masks a malicious site on what looks like an official Hunter College page. A text link that reads as a link to one site but leads to a different named site should be treated as highly suspicious.
For these reasons, you should never automatically trust what you see in email messages.
How do I safely ascertain where the links actually go?
If you are using a desktop or laptop with a mouse, you can 'hover' the mouse cursor over the link to display the link's true destination (which typically displays in the bottom-left corner of the screen, or in a pop-up box near where the cursor is "hovering.")
Try this: If you 'hover' over the following email address link you will notice that the information displayed (the link's true destination) doesn't match the email address, firstname.lastname@example.org.
Spoofed Headers - Faking the "From" Field
There is a mistaken belief that if an email says it is from a particular address, like email@example.com, it must actually be from that address. The unfortunate reality is that the "From" field can be easily faked to impersonate any address, account, organization or individual. This is commonly referred to as "spoofing."
An email that says it is from Hunter may contradictorily include in the "from" field, a non-Hunter email address (one that doesn't end in "@hunter.cuny.edu"). This is an instant indicator that Hunter DID NOT send the message, and you SHOULD NOT respond. Also keep in mind that even the email address included in the "from" field can be falsified to read as a Hunter email address.
If you are not sure about an email message's legitimacy, first check our previously reported phishing/spam page (you may not be the first one to receive the message and it may have already been reported to the Help Desk). If the email is not on the list, please foward the original phishing/spam email to firstname.lastname@example.org.
1. Go to NetID Central, either directly or by accessing it from the Hunter College homepage and selecting "Hunter Login (NetID)" listed under "Services" in the right-hand navigation bar.
2. Log in to NETID Central with your NetID and password.
3. Follow the "Click here to change your password" link.
4. Type in your new password and retype to confirm.