
Computer Security News Archive

May 13, 2015

Spear Phishing Advisory

In recent days, a high number of spear phishing attacks have targeted NYU accounts. Spear phishing differs from generic phishing in that the attacker seeks credentials within a specific domain or organization, typically to gain access to organizational resources such as LexisNexis and other paid subscription services, or to confidential data.

Spear phishing, as with all phishing, is often easily recognized by consistent use of poor grammar, spelling, and punctuation, in addition to formatting errors that usually result from the automated generation of these emails. Naturally, this will not always be the case, so it is imperative to be on guard and, as always, to follow TSS's safe browsing recommendations. Additionally, phishing often employs unusually strong language that is designed to override a sense of caution and get you to act without thinking too carefully. Note some of these traits in the emails included below.

Avoid clicking on links or downloading files in email, particularly when the source is suspect, as certain vulnerabilities may allow your credentials to be compromised simply by visiting certain links. When an email is formatted and viewed as HTML, it is easy to conceal a fake link beneath what appears to be a legitimate one.

Further, do not automatically assume that an email that appears to be from a trusted person, including another NYU user, is necessarily from them. Red flags that may clue you in to a possible phishing attempt include unexpected attachments or web links, or unusual language from the sender. Though we may like to believe otherwise, it is unlikely your director will tell you that they love you.

The emails included with this alert have been sanitized to prevent users from visiting the fraudulent sites in question, but are otherwise unedited. If you believe that you submitted your credentials to a phishing site, change the passwords for all of your NYU credentials, and send an email to security@nyu.edu immediately.

Sample #1:

Dear User,

The following alert has been posted to your username@nyu.edu, Regarding an unauthorized access to your account:

*Confidential Alert*

We implore you to follow our secure <http://www.fakenyudomain.net/www.nyu.edu.html > to confirm your details to avoid account suspended from our system.

Thank you .

New York University Customer Service

Sample #2:

I'm sharing some documents with you through Google Docs. Keep me informed

on your thought and advice on our specification.

[image: Microsoft Excel (.xlsx)]

Download Document < http://fakenyudomain.com/doc/ >

View Document < http://fakenyudomain.com/doc/ >

Thank you,

NYU User

January 06, 2010

Symantec misreporting virus definitions date (U: 1/28)

An issue has been identified in the Symantec Endpoint Protection (SEP11) product line, whereby all types of virus and proactive threat protection definitions appear to date from December 31, 2009, 11:59pm. As a result, Windows XP, Vista, and 7 Security Centers may report that the definitions are out of date.

Clients running SEP11 are still protected, and Symantec will continue to release updated definitions as normal. However, for the time being, SEP definitions will display a date of December 31, 2009, with increasing revision numbers. The current revision number as of this writing is "r117."

Symantec is working on a solution and will update customers when a solution becomes available. Please check back on this site for the latest information.

Continue reading "Symantec misreporting virus definitions date (U: 1/28)" »

October 02, 2009

NYU targeted by "Toner Phoner" scam

There are reports of phone scammers targeting NYU, wherein a bogus "copy toner" supply company claims that they need to send the department an invoice for unpaid charges. The caller may ask the model of the department's copier so that they can 'update their records.' Moreover, their phone numbers come in as private.

This phone scam is particularly disconcerting because the caller often refers to other legitimate employees in the same department to bolster the validity of the ruse. Oftentimes, the scammer is counting on reaching a temp, or someone new, who will give up a name so that the scammer can send an invoice or, even better, agree to a shipment. After the acceptance of one invoice, the scammer may begin to send more bogus invoices, some stamped "past due". They may even send a fake collection agency after your department, to convince them to pay.

There are a few key tips you can follow to defend against these types of phone scams:

Continue reading "NYU targeted by "Toner Phoner" scam" »

September 03, 2009

Snow Leopard shipping with vulnerable Adobe Flash

Reports from several news sites indicate that Mac OS X "Snow Leopard" is shipping with an outdated and vulnerable version of Adobe Flash. This outdated version may leave your Mac vulnerable to web-based attacks targeting the Flash player.

Continue reading "Snow Leopard shipping with vulnerable Adobe Flash" »

November 02, 2007

Leopard OS X 10.5 Installation Turns Off Firewall

According to several security websites, upgrading to Apple's newest operating system, Leopard OS X 10.5, shuts off some basic security controls. Namely, it appears that upon installation, the default firewall rule in Leopard is "Accept all incoming connections".

This setting is highly risky since it exposes the computer to a possible network-based attack. It is recommended that the firewall rules be reviewed on all Macintoshes with Leopard installed. The firewall should be set to a more restrictive setting such as "Block all incoming connections" or "Only allow connections to these applications / services".

To do so in Leopard, go to System Preferences > Security > Firewall, change the setting to either of the aforementioned, and then save all changes.

June 25, 2007

Beware "Hit Man" Scam Email

There have been several reports of NYU members receiving suspicious email stating that a supposed "hit man", i.e. assassin, was being paid by a third party to 'terminate' the email recipient. The message also states that the assassin wishes to bargain with the victim by asking for monetary compensation to avoid being killed. Moreover, it goes on to instruct the recipient not to contact any law enforcement agency, lest they wish for the issue to escalate.

Continue reading "Beware "Hit Man" Scam Email" »

May 23, 2007

IRS Email Phishing Scam

There have been recent reports of NYU members receiving suspicious phishing emails that purport to be from the Internal Revenue Service. The IRS does not send out unsolicited e-mails or ask for detailed personal and financial information. Additionally, the IRS never asks people for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.

Phishing (as in "fishing for information" and "hooking" victims) is a scam where Internet fraudsters send e-mail messages to trick unsuspecting victims into revealing personal and financial information that can be used to steal the victims' identity. Current scams include phony e-mails which claim to come from the IRS and which lure the victims into the scam by telling them that they are due a tax refund.

An example of the phishing message appears as the following:

Continue reading "IRS Email Phishing Scam" »

January 09, 2007

Download Windows Updates: 01/09/07

Microsoft released three critical Windows patches on Jan. 9th that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Excel, Outlook, and VML handling.

The vulnerabilities, if not patched, can allow an attacker to execute arbitrary code and compromise your computer.

These updates concern multiple versions of Windows including, but not limited to, Windows XP Professional SP2 and the Mac versions of the Office Suite. It is very important that you update your Windows operating system as soon as possible.

Download the latest updates here:

http://update.microsoft.com

October 25, 2006

Firefox 2.0 Released

The Mozilla group has released the latest version of Firefox, updating it to version 2.0. This latest version of the popular web browser touts updated security features amongst other improvements.

One of the newest updates in this iteration of the popular web browser is the "Phishing Filter" feature. This component will protect web surfers by blocking malicious phishing websites from displaying any content. Phishing is defined as:

"A form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords."

Firefox 2.0 will also add protection from spyware installations. Such applications will not install by default, and users will be clearly prompted for such types of installations.

You can download Firefox 2.0 from the ITS Software page: www.nyu.edu/its/software/.