Avoid Phishing Scams by Increasing Your Cybersecurity Awareness
The Global Office of Information Security (GOIS) sends monthly phishing simulations to NYU IT staff as part of the Security Awareness and Training program.
E-Z Pass Phishing Simulation
The following E-Z Pass message is an example of a phishing simulation with a high click-through rate. See the email below with the social engineering indicators flagged and an explanation of each of the phishing indicators. If you have questions about this phishing simulation, please email firstname.lastname@example.org.
Be aware of phishing indicators and be prepared for the next phishing attack and phishing simulation.
- Unexpected Sender: Were you expecting an email from this sender?
- Unusual Subject: Do you normally receive this type of email at work?
- Suspicious Attachment: Attachment has a possibly dangerous file extension, PDF.
- Request for Payment: Message tells you to click a link or open an attachment to send money.
- Threatening Language: Warns of negative consequence if you don’t complete the request.
- Inconsistent Links: Hover over the "here" link, it does not take you to the site the email content says it will.
Beware of suspicious emails. Phishing messages may look like they’re from a company or person you know or trust to trick you into clicking on a link or opening an attachment. Watch the video and learn how to spot them.
Read about the Zoom Phishing Alert in the NYU IT Security News. The Better Business Bureau has issued an alert regarding Zoom-related phishing, in which malicious actors seek to deploy malware or steal your credentials via bogus Zoom notifications and invitations.