This morning approximately 1250 University email addresses were targeted with a convincing phishing message that directed users to put the username and password into a website that did not belong to the University. The phishing email was well written with University branding, but there were some red flags that should have alerted users:
1. The from address is binghamton.edu
2. The email is asking users to confirm their accounts. IT Services will never ask you to do this.
The phishing email looked like this...