
Phishing scam targeting NYU Email


There have been various reports from sources at NYU as well as from other colleges about a phishing message that purports to be from the 'upgradingteam09', 'NYU web_mail Team', 'ACCOUNT Team NYU MAIL ACCOUT' or the like. The message requests your password, name, and other personal information, supposedly to keep your NYU email account from being shut down. The message requests that the recipient reply to non-NYU email accounts, usually an email address.

NYU members should never reply to these fraudulent phishing emails. Instead, forward the messages as an attachment to our email filtering account. Doing so trains our email filters to prevent such spam from arriving in inboxes.

Please note: It is very important to forward the message as an attachment; otherwise our email filters will not be able to parse the message correctly.

As a reminder of better security practices, always remember that:

  • No NYU member will ever ask for your account password, especially not over email.
  • Do not reply to emails from unidentified, untrusted sources.
  • Forward all phishing messages as an attachment to This helps train our email filters to block such messages in the future
  • Messages that request personal information over plaintext email should be regarded as being suspicious. If it is spam, forward it to When in doubt, do not reply and contact
  • If a message informs you of an impending 'account closure' unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.
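
The warning signs in the list above can be checked mechanically. The following Python example is an addition to this page, not part of the original advisory or of NYU's mail filters; the `nyu.edu` domain constant, the indicator names, the regular expressions and the sample headers are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "nyu.edu"  # assumption: the institution's own mail domain

# A form-style prompt for the password, e.g. "E mail Password :......"
PASSWORD_FIELD = re.compile(r"(?im)^\s*(?:e[\s-]?mail\s+)?pass\s?word\s*:")
# A threat that the account will be lost, closed, deactivated or deleted
CLOSURE_THREAT = re.compile(
    r"(?is)\b(?:lose|clos\w*|deactivat\w*|delet\w*)\b.{0,80}?\baccounts?\b")

def reply_domain(msg):
    """Domain a reply would go to: Reply-To takes precedence over From."""
    _, addr = parseaddr(msg.get("Reply-To") or msg.get("From") or "")
    return addr.rpartition("@")[2].lower()

def body_text(msg):
    """Concatenate text/plain parts, undoing base64/quoted-printable."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(
        p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)

def phishing_indicators(raw, org=ORG_DOMAIN):
    """Return the names of the advisory's warning signs found in raw."""
    msg = message_from_string(raw)
    domain, body, found = reply_domain(msg), body_text(msg), []
    if not (domain == org or domain.endswith("." + org)):
        found.append("reply_outside_org")   # replies leave the institution
    if PASSWORD_FIELD.search(body):
        found.append("asks_for_password")   # nobody at NYU asks for this
    if CLOSURE_THREAT.search(body):
        found.append("closure_threat")      # "comply or lose your account"
    return found

# Constructed samples: all headers are made up; the first body is excerpted
# from Example #1 on this page, the second is an invented benign notice.
PHISH = """\
From: NYU web_mail Team <helpdesk@nyu.edu>
Reply-To: upgradingteam09@example.com

We are deleting all unused account to create space for new accounts.
E mail ACCOUNT NAME :..............
E mail Password :..............
"""
BENIGN = "From: Registrar <registrar@nyu.edu>\n\nYour registration window opens Monday.\n"

if __name__ == "__main__":
    print(phishing_indicators(PHISH), phishing_indicators(BENIGN))
```
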

The following sites also provide several useful tips on defending against these types of phishing attacks:

Example #1

A sample of the phishing message can be found below:

This message is from your account center to all account
owners of NYU ACCOUNT We are currently upgrading our data base and E, mail
account center.We are deleting all unused account to create space for new
accounts.To prevent your account from being deactivated you will have to
update it.
E mail ACCOUNT NAME :..............
E mail Password :..............
Date of Birth :..............
Country or Territory: ........
Warning!!! Account owner that refuses to update his or her account within
days of receiving this ACCOUNT will lose his other account permanently.Thank
you for your understanding
Warning Code:64MT1

Example #2

Dear Staff/Student

This message is from the IT Service messaging center to all subscribers/webmail users. We are currently upgrading the webmail data base and e-mail centers due to an unusual activities identified in our email system. We are deleting all unused Webmail Accounts. You are required to verify and update your Webmail by confirming your Webmail identity. This will prevent your Webmail account from been closed during this exercise. In order to confirm your Webmail identity, you are to provide the following data;

Confirm Your WebMail Identity Below;

First Name:

Last Name:



Date of Birth:

Warning: Any subscriber/webmail user that refuses to verify and subsequently update his/her Webmail within 4 days of receiving this warning will lose his/her Webmail Account permanently.

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect your Webmail Account. We apologise for any inconvenience.


IT Service.

Webmail Administrator.