There are new reports about a sophisticated phishing message that purports to come from "NEW YORK UNIVERSITY" or "Information Technology Services (ITS)". The phishing message claims that NYU is "upgrading and maintaining all e-mail accounts" and that are to " click the link below and follow the instruction.". The link then takes you to a Google doc that requests, amongst other things, your NetID and password. This message is a forgery and should be deleted immediately.
NYU community members should NEVER REPLY TO OR CLICK ANY URL in an email that requests the recipient's email login name and password.
As a reminder of better security practices, always remember that:
- No NYU community member will ever ask for your account password, especially not over email.
- Do not reply back to emails from unidentified, untrusted sources.
- Forward all phishing messages to email@example.com. This helps train our email filters to block such messages in the future.
- Messages that request personal information over plaintext email should be regarded as being suspicious. If you are unsure about the legitimacy of a message, contact the ITS Client Services Center at firstname.lastname@example.org or 212-998-3333.
- If a message informs you of an impending "account closure" unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.
The following sites also provide several useful tips on defending against these types of phishing attacks:
- SOPHOS Best Practices - Phishing
- ScamWatch.Gov - See a Scam
- ScamWatch.Gov - How to Protect Yourself from a Scam
Example Google Phishing Form