TSS has received several reports about an ongoing phishing scam targeting the NYU community. The message claims the "the virus DGTFX has been detected in your folder" and that the recepient must provide their password information in order to "upgrade" to the "secured DGTFX anti-virus 2009 to prevent damages to webmail logs". The fraudulent message requests that the recipient reply back to non-NYU email accounts, and in this case, an " @ns.sympatico.ca " email address. Below is a copy of the scam:
From: nyu.edu Web-Team [mailto:XXXXXXXXX@ns.sympatico.ca]
Sent: Friday, August 21, 2009 5:35 AM
Subject: Warning Notice!!!
A DGTFX virus has been detected in your folders Your email account has to be upgraded to our new Secured DGTFX anti-virus 2009 version to prevent damages to our webmail log and your important files.
Click your reply tab, Fill the columns below and send back or your email account will be terminated immediately to avoid spread of the virus.
DATE OF BIRTH:
webmail.nyu.edu - Webmail Technical Team
Note that your password will be encrypted with 1024-bit RSA keys for your password safety to avoid any unauthorized user.
NYU community members should NEVER REPLY TO ANY email that requests the recipient's email login name and password. Instead, forward phishing messages as an attachment to our email filtering account email@example.com. Doing so trains our email filters to prevent such types of spam from arriving into inboxes.
Please note: It is very important to forward the message as an attachment, otherwise our email filters will not be able to parse through the message correctly.
As a reminder of better security practices, always remember that:
- No NYU community member will ever ask for your account password, especially not over email.
- Do not reply back to emails from unidentified, untrusted sources.
- Forward all phishing messages as an attachment to firstname.lastname@example.org. This helps train our email filters to block such messages in the future.
- Messages that request personal information over plaintext email should be regarded as being suspicious. If it is spam, forward it to email@example.com. When in doubt, do not reply and contact firstname.lastname@example.org.
- If a message informs you of an impending "account closure" unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.
The following sites also provide several useful tips on defending against these types of phishing attacks: