How do I spot a phishing attempt?

Phishing is a type of scam where attackers impersonate a trusted source (like SUNY Plattsburgh or your bank) to trick you into giving up personal information — like your username, password, or even financial details — often through fake emails or login pages.

🐟 What is Phishing?

Phishing is a type of scam where attackers impersonate a trusted source (like SUNY Plattsburgh or your bank) to trick you into giving up personal information — like your username, password, or even financial details — often through fake emails or login pages.

How do you verify a Plattsburgh login is legit?

It’s as Easy as 1 and 2!

Phishing scams are on the rise, and at SUNY Plattsburgh, we're seeing an increase in suspicious messages trying to trick users into revealing their passwords.

Before you enter your NetID and password, take two quick steps to stay safe:

✅ 1. Check the Page

Make sure you're on our official login page. It should look just like the screenshot below.

✅ 2. Check the URL

The web address at the top of your browser should say:

https://cas.plattsburgh.edu

This means you're signing in through our official Central Authentication System (CAS). If the address looks strange — close the tab immediately.

🚨 A Few Important Reminders

• We will NEVER ask for your password via email, text, or a random web form.

• The only secure places to enter your credentials are:

  • On our CAS login page (cas.plattsburgh.edu)

  • Or when signing in on a SUNY Plattsburgh campus computer

We use a federated identity system for authentication. That means you’ll only ever log in through trusted platforms that we manage.

🔐 Protect Your Duo 2FA Code

We use Duo for two-factor authentication (2FA) to help keep your account secure. But even Duo can’t protect you if you give your code to someone else.

🚫 Never Do These Things:

• Don’t approve a Duo push you didn’t expect
  (If you're not logging in — deny it!)

• Never enter your 2FA code into an email, form, or website other than our official login

• Never text or email your code to anyone — even if they say they’re from SUNY Plattsburgh

If someone gets your password and tricks you into giving up your Duo code, they can still get in. That’s why it’s important to stay alert.

💡 Tip:

If you get a Duo prompt out of the blue, it could be a hacker trying to access your account. Hit “Deny” and report it right away.

📨 What to Do If You Spot a Phish

If you receive a suspicious message in Gmail:

• Click the three-dot menu (⋮) in the top-right corner of the message

• Select “Report phishing” to flag it for Google

Want to let us know directly?

📧 Email us at: helpdesk@plattsburgh.edu
📍 Or stop by the Helpdesk — we’re happy to help in person!

🧠 Stay Vigilant

The best defense is awareness. When in doubt, don’t click — verify before you act.