Skip to Navigation | Skip to Content

Phishing scam targeting NYU Email

« Albert, Torchtone & SIS Maintenance, Sat., 5/31 | Main | NYUHome Email Overnight Maintenance, Fri., Aug. 1 at 8pm »

There have been various reports from sources at NYU as well as from other colleges about a phishing message that purports to be the 'help desk'. The message requests that the person reply back to the email with the email address & password in order to avoid the email account from being 'shut off'

NYU members should not reply to the fraudulent phishing emails. Instead, forward the messages as an attachment to our email filtering account phishing@nyu.edu. Doing so trains our email filters to prevent such types of spam from arriving into inboxes.

Please note: It is very important to forward the message as an attachment, otherwise or email filters will not be able to parse through the message correctly.

As a reminder of better security practices, always remember that:

  • No NYU member will ever ask for your account password, especially not over email
  • Do not reply back to emails from unidentified, untrusted sources.
  • Forward all phishing messages as an attachment to phishing@nyu.edu. This helps train our email filters to block such messages in the future
  • Messages that request personal information over plaintext email should be regarded as being suspicious. If it is spam, forward it to is.spam@nyu.edu. When in doubt, do not reply and contact security@nyu.edu.
  • If a message informs you of an impending 'account closure' unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.

A sample of the phishing message can be found below:

Dear E-mail Users,

We are currently carrying-out a maintainance process to your nyu account. To complete this process you must reply to this email and enter your Current User Name here ( Here ) and Password here ( Here ) if you are the rightful owner of this account. Our Message Center will confirm your identity including your Secret Question and Answer immediately.

The new nyu Webmail is a fast and light-weight appliction to quickly and easily access your e-mail. This process will also help us to fight against spam mails. Failure to summit your password, will render your email address in-active from our database.

You can also confirm your email address by logging into your nyu Webmail account at:
https://webmail.nyu.edu/

NOTE: You will be send a password reset messenge in next seven (7) working days after under going this process for security reasons.

Thank you for using nyu Webmail!
https://webmail.nyu.edu/

Posted by cp493 on July 4, 2008 05:33 PM |