June 26, 2024 SAFETY ALERT

To the Campus Community:

Malicious actors utilizing remote access phishing scams have been targeting individuals across the country, including those attending or employed by Binghamton University.

In this scam, the suspect contacts potential victims through a mass email, posing as a trusted source, such as a vendor or company like PayPal. The email warns the recipient of an unauthorized transaction on their account or claims their computer has been hacked, directing them to contact either "tech support" or another company representative. The email provides a phone number for this contact; however, neither the phone number nor the person who answers are affiliated with the mentioned company. When the victim calls the provided number, they are instructed to download a remote access application. Although numerous applications allow remote access to a computer, "LogMeIn" and "AnyDesk" are typically utilized. Once the application is downloaded, the suspect can gain control of the victim’s computer and potentially access all data, including banking information and passwords.

On Tuesday, June 25, the University Police received a report of this scam occurring on Binghamton’s campus. In response to this report and recognizing the ongoing threat posed by such scams, the UPD strongly advises all members of the campus community to exercise caution when interacting with unfamiliar individuals via email. 

To minimize the risk of falling victim to this scam, consider implementing the following preventive measures:


1. Treat all emails alerting you of potential cyber-attacks or fraudulent activity on banking apps with suspicion. If you receive such an alert, do not use the phone number provided in the email. Instead, contact the company directly using a verified phone number from the company’s official website to confirm that the email is fraudulent.


2. Never download a remote access application such as "AnyDesk" or "LogMeIn" at the direction of an unknown person.


3. Never disclose any personal information online, including passwords, cell phone numbers, dates of birth, addresses, or common security questions such as your mother's maiden name.

4. If your computer is accessed remotely, quickly shut down the machine and unplug all cables from the wall. Once this is done, contact Binghamton University Information Technology Services for further guidance on how to protect your computer and information. 

If you become a victim of this or any online fraud, report the incident to the university police at (607)777-2393 immediately. Information can also be reported anonymously through the University Police website: https://www.binghamton.edu/police/anonymous-tips.html. Your prompt reporting is crucial for our ability to provide swift assistance and effectively address the situation.

This message has been delivered to all active users of the Binghamton University electronic mail system. This message is posted for the Binghamton community in compliance with the "Timely Warning" provisions of the federal Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act of 1990. You cannot be removed from these distributions. There is no reason to forward this message to individuals or mailing lists within the Binghamton mail system, as it is already distributed to everyone.