Skip to Navigation | Skip to Content

Beware of Fake "NYU Federal Credit Union" Phishing Attack

« Leopard OS X 10.5 Installation Turns Off Firewall | Main | ITS Scheduled Maintenance, Sun., Mar. 9 »

ITS Technology Security Services has received widespread reports about a phishing scam targeted at NYU community members using the NYUFCU (Credit Union) domain. The from address on the email was spoofed using that domain which may make it appear legitimate , but it also contains a few classic phishing characteristics such as:

  1. New York University Federal Credit Union will never ask members to call any number or visit any website for security reasons. Anyone who receives an e-mail that purports to be from New York University Federal Credit Union and asks for any information or action by the member should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.
  2. The link in the message does not point to the domain the message supposedly came from, or any legitimate domain associated with the NYU Federal Credit Union.
  3. The message contains many spelling and grammar errors.
  4. The message implies urgency: "update your profile as soon as possible" and "your access will be continued as normal". Phishing attacks try to convince victims of the urgency of the "problem" in order to steal as much personal information as possible prior to ISPs bringing down the phishing websites.

DO NOT click on any link in that message. At this time, the best thing to do is to:

  1. Forward the spam message to
  2. Delete the message
  3. Inform your coworkers of the phishing scam

In the event you or another NYU member may have clicked on the link and provided personal information, contact TSS immediately at

If you believe your financial information may have been compromised as a result of this phishing attack, you can also contact the NYU Federal Credit Union at:

To find out more information about these types of phishing attacks and how to report them, visit:

Federal Internet Crime Complaint Center