Skip to Navigation | Skip to Content

"NYU Email | Update"

« Explore the New ServiceLink Knowledge Base | Main | "IT help Desk" »

There are new reports about a sophisticated phishing message that purports to come from "IT Service Desk" or Ask_ITS@nyu.edu. The phishing message claims "NYU's web mail and Calendar Service have been updated," and instructs the recipient to click on a web link "for information and instructions on how to access your email." An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.

NYU community members should NEVER REPLY TO OR CLICK ANY URL in an email that requests the recipient's e-mail login name and password.

As a reminder of better security practices, always remember that:

  • No NYU community member will ever ask for your account password, especially not over e-mail.
  • Do not reply back to e-mails from unidentified, untrusted sources.
  • Messages that request personal information over plaintext email should be regarded as being suspicious. If you are unsure about the legitimacy of a message, contact the IT Service Desk at AskITS@nyu.edu or 212-998-3333.
  • Forward all phishing messages to phishing@nyu.edu. This helps train our e-mail filters to block such messages in the future.
  • If a message informs you of an impending "account closure" unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.

The following sites also provide several useful tips on defending against these types of phishing attacks:


Example of phishing e-mail


phish_sep_1.png

Phishing e-mail Web Page (Notice the Free Web Hosting Advert on the Bottom Left)


phish_sep_2.png |