3-9-26: Security Advisory - Phishing campaign
TO: John Jay College Community
FROM: Joseph Laub, Chief Information Officer
DATE: March 9, 2026
RE: Security Advisory - Phishing campaign
A phishing campaign is currently underway (see example below).
If you receive messages asking you to validate your account or asking you for the code from your MFA app, delete them. These emails falsely suggest that urgent action is required regarding your university account.
Please review the indicators below and remain vigilant.
Common Indicators of This Phishing Campaign
- Subject lines suggesting the message is from CUNYfirst
- Subject lines such as 'Required Action'
- Language implying urgent or immediate action is required
- Requests to click a link, reply with personal information, or provide login credentials
If You May Have Been Impacted
If you receive a suspicious message — or if you have already responded to one — please email helpdesk@jjay.cuny.edu so we can report it to the university.
Protect Yourself: Important Reminders
DO:
- Be cautious when an 'External Sender' banner appears
- Type official web addresses directly into your browser instead of clicking links
- Use unique passwords for each account
- Change all passwords immediately if you suspect compromise
- Complete required Information Security Awareness Training in Brightspace
- Be especially careful when reviewing email on mobile devices
DO NOT:
- Do not reply to unexpected or unusual emails
- DO NOT SHARE YOUR MFA CODE
- Do not share personal information or passwords via email
- Do not click links or open attachments in unsolicited messages
- Do not share sensitive information
- Do not reuse passwords across work, banking, or personal accounts
For further assistance, please contact the DoIT Helpdesk at 212-237-8200 or email helpdesk@jjay.cuny.edu.
Phishing Email