Skip to Navigation | Skip to Content

"Suspicious sign in alert"

« New issue of Connect: IT at NYU | Main | Explore the New ServiceLink Knowledge Base »

There are new reports about a sophisticated phishing message that purports to come from "NYU ONLINE", INFODATA@NYU.EDU, "Suspicious sign in alert" or "NYU Services". The phishing message claims that NYU "just prevented a sign-in attempt on your *NYU* account from another location," and instructs the recipient to click on a web link to "to verify your profile". An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

NYU community members should NEVER REPLY TO OR CLICK ANY URL in an email that requests the recipient's e-mail login name and password.

As a reminder of better security practices, always remember that:

  • No NYU community member will ever ask for your account password, especially not over e-mail.
  • Do not reply back to e-mails from unidentified, untrusted sources.
  • Messages that request personal information over plaintext email should be regarded as being suspicious. If you are unsure about the legitimacy of a message, contact the IT Service Desk at AskITS@nyu.edu or 212-998-3333.
  • Forward all phishing messages to phishing@nyu.edu. This helps train our e-mail filters to block such messages in the future.
  • If a message informs you of an impending "account closure" unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.

The following sites also provide several useful tips on defending against these types of phishing attacks:


Example of phishing e-mail