"NYU WARNING!!!" phishing scam
There are new reports about a phishing message that purports to come from "Nyu Helpdesk" The phishing message claims "This is an automated message to notify you that a valid password was used to login your Nyu account from an unrecognized device, Today Monday, March 31th, 2014 at 03:00(UTC+02), in Baghdad, Iraq (IP=188.8.131.52) as a result of that your account has been temporarily suspended.," and instructs the recipient to click on a web link. An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.
NYU community members should NEVER REPLY TO OR CLICK ANY URL in an email that requests the recipient's e-mail login name and password.
As a reminder of better security practices, always remember that:
- No NYU community member will ever ask for your account password, especially not over e-mail.
- Do not reply back to e-mails from unidentified, untrusted sources.
- Messages that request personal information over plaintext email should be regarded as being suspicious. If you are unsure about the legitimacy of a message, contact the IT Service Desk at AskITS@nyu.edu or 212-998-3333.
- Forward all phishing messages to firstname.lastname@example.org. This helps train our e-mail filters to block such messages in the future.
- If a message informs you of an impending "account closure" unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.
The following sites also provide several useful tips on defending against these types of phishing attacks:
- SOPHOS Best Practices - Phishing
- ScamWatch.Gov - See a Scam
- ScamWatch.Gov - How to Protect Yourself from a Scam
Example of phishing email
From: Nyu Helpdesk (email@example.com) Date: Fri, Mar 21, 2014 at 7:35 PM Subject: NYU WARNING!!! To:
This is an automated message to notify you that a valid password was used to login your Nyu account from an unrecognized device, Today Monday, March 31th, 2014 at 03:00(UTC+02), in Baghdad, Iraq (IP=184.108.40.206) as a result of that your account has been temporarily suspended.
If you did this, you can safely disregard this email. If you didn't do this, kindly follow our review link below to retrieve your account http://nyuhelpdesk.yolasite.com/ Sincerely, Nyu Helpdesk [---001:000564:57449---] Please do not reply to this message. Mail sent to this address cannot be answered.This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com