Skip to Navigation | Skip to Content

January 2011

« December 2010 | Main | February 2011 »

January 25, 2011

"Announcement" Phishing Scam

There are new reports about a sophisticated phishing message that purports to come from "New York University webmasterr@nyu.edu". The message claims that NYU has "upgraded our server to new secured 2011 version" and that "You are require to upgrade your account to 2011 version by clicking here". The link, aptly labeled "https:/secure.nyu.edu", takes you to a fraudulent, non-NYU website where recipients are asked to enter in their NYU credentials.

NYU community members should NEVER REPLY TO OR CLICK ANY URL in an email that requests the recipient's email login name and password. Instead, forward phishing messages as an attachment to our email filtering account phishing@nyu.edu. Doing so trains our email filters to prevent such types of spam from arriving into inboxes.

Please note: It is very important to forward the message as an attachment, otherwise our email filters will not be able to parse through the message correctly.

As a reminder of better security practices, always remember that:

  • No NYU community member will ever ask for your account password, especially not over email.
  • Do not reply back to emails from unidentified, untrusted sources.
  • Forward all phishing messages as an attachment to phishing@nyu.edu. This helps train our email filters to block such messages in the future.
  • Messages that request personal information over plaintext email should be regarded as being suspicious. If it is spam, forward it to is.spam@nyu.edu. If you are unsure about the legitimacy of a message, contact the ITS Client Services Center at askits@nyu.edu or 212-998-3333.
  • If a message informs you of an impending "account closure" unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.

The following sites also provide several useful tips on defending against these types of phishing attacks:


Example Phishing Message


Subject: Announcement

* We have upgraded our server to new secured 2011 version.This is to enable your webmail account take a new look with new functions and help protect against spam e-mails. You are require to upgrade your account to 2011 version by clicking here or on the secure link below **https:/secure.nyu.edu*

*Copyright © 2011 New York University*

January 14, 2011

Validate New 'nyu' Security Certificate

The next time you access NYURoam, the University's secure wireless network, you may be presented with a dialog box asking you to validate a new server certificate. If prompted, simply verify and accept the new certificate and log on as usual; no further action is necessary.

The VeriSign security certificate used as part of the authentication process when accessing the NYURoam wireless network is periodically replaced by a new certificate. For more information, and for examples of the type of message you might see on Windows and Macintosh computers, please visit Ask ITS.