Skip to content. | Skip to navigation

You are here: Home IT - (Instructional Computing and Information Technology) IT Security COVID-Themed Phishing Scams

COVID-Themed Phishing Scams

CUNY has recently experienced several instances of fraudulent, COVID-themed phishing attempts. This intent of this alert is to raise awareness of this ongoing campaign. Please review the following information which can help you recognize similar phishing attempts should one be directed to you.

Security Threat Identification / Symptoms

Phishing email in which COVID-19-related grant money / benefits or a stay-at-home job is offered. Emails may be entitled "Important/Urgent Message from the College Finance Department" "COVID-19 Benefits" or similar. The email or email attachment contains a link to "sign up" for the fraudulent offers. Please note that the sender of the phishing email could be from a CUNY email account that has been compromised. Samples of several such phishing emails are included at the bottom of this message.


Click thumbnail images below to view larger samples of COVID-19 phishing scam emails:

Benefits Scam

COVID Benefits Scam Sample
Finance Dept. Scam

COVID - Finance Dept Scam Example
Finance Dept. Scam

COVID - Finance Dept Scam Example 1
Job Scam

COVID - Job Scam


If you think you have already been impacted by this security threat

If you believe you are a victim of an online scam or malware campaign, please report it to the CUNY CIS Service Desk (, 646-664-2311) and consider the following actions:

  • Advise your financial institution immediately of any account information that may have been compromised. Watch for unexplained charges to your account
  • Immediately change any passwords that you might have revealed. If you used the same password for multiple websites make sure to change it for each account, and do not use that same password in the future
  • Go to for information on reporting identity theft


Recommended User Action

  • DO NOT reply to unexpected or unusual email from any sender.
  • DO be particularly cautious when the "external source" warning banner is present.
  • DO NOT reply to email with, or provide any, personal information or passwords. If you have reason to believe that a request is real, call the department, institution or company directly
  • DO NOT click a link or open an attachment in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser
  • DO NOT use the same password for your work account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, perpetrators attempt to use your compromised password to access many online services
  • DO change ALL of your passwords if you suspect any account you have access to may be compromised
  • DO be particularly cautious when reading email on a mobile device. It may be easier to miss telltale signs of phishing attempts when reading email on a smaller screen
  • DO remember that official communications should not solicit personal information by email
  • DO read the CUNY Phishing Advisory posted at under CUNY Issued Security Advisories
  • DO complete information security awareness training located at


Security Threat Explained

Such phishing messages request that the recipient click on a link in the email or in an attachment that requests personal or login/password credential information to be entered. The associated website is fraudulent. Information entered in response to the phish is harvested by malicious actors to be used to conduct identity theft, account compromise, data theft, etc.


Document Actions
IT - (Instructional Computing and Information Technology) website feedback:
Hunter College 695 Park Avenue NY, NY 10065 212.772.4000
212-772-5799 | email us
695 Park Ave
NY, NY 10065