Spear Phishing Advisory

In recent days, a high number of spear phishing attacks have targeted NYU accounts. Spear phishing differs from generic phishing in that the attacker seeks credentials within a specific domain or organization, typically to gain access to confidential data or to organizational resources such as LexisNexis and other paid subscription services.

Spear phishing, like all phishing, can often be recognized by consistently poor grammar, spelling, and punctuation, as well as formatting errors that usually result from the automated generation of these emails. This will not always be the case, so it is imperative to stay on guard and, as always, follow TSS’s safe browsing recommendations. Additionally, phishing often employs unusually strong language designed to override your sense of caution and get you to act without thinking too carefully. Note some of these traits in the emails included below.

Avoid clicking on links or downloading files in email, particularly when the source is suspect, as certain vulnerabilities may allow your credentials to be compromised simply by visiting certain links. In an email formatted and viewed as HTML, it is easy to conceal a fake link beneath what appears to be a legitimate one.
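For mail administrators, the check below flags HTML links whose visible text or URL merely mentions the trusted domain while the real target host is elsewhere, which is the pattern in Sample #1 below. It is an added example, not part of the original advisory; the `TRUSTED` value, the rule names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "nyu.edu"  # assumption: the domain users expect to see
# Host-like token in visible link text, e.g. "www.nyu.edu" or "https://www.nyu.edu/x"
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def in_domain(host, domain=TRUSTED):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return (rule, href) pairs for links whose appearance and target disagree."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https") or in_domain(url.hostname):
            continue  # non-web link, or it really goes to the trusted domain
        # Rule 1: visible text names the trusted domain, target host does not.
        if any(in_domain(m.group(1)) for m in HOST_IN_TEXT.finditer(text)):
            findings.append(("text-names-trusted-domain", href))
        # Rule 2: trusted name sits in the path, userinfo or a subdomain label
        # of an untrusted host.
        if TRUSTED in href.lower():
            findings.append(("trusted-name-in-untrusted-url", href))
    return findings

# Constructed sample HTML using the advisory's sanitized placeholder domains.
SAMPLE = """<a href="http://www.fakenyudomain.net/www.nyu.edu.html">link</a>
<a href="http://fakenyudomain.com/doc/">https://www.nyu.edu/docs</a>
<a href="https://www.nyu.edu/life.html">www.nyu.edu</a>"""
```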

Further, do not assume that an email that appears to be from a trusted person, including another NYU user, is necessarily from them. Red flags that may clue you in to a possible phishing attempt include unexpected attachments or web links, or unusual language from the sender. Though we may like to believe otherwise, it is unlikely your director will tell you that they love you.

The emails included with this alert have been sanitized to prevent users from visiting the fraudulent sites in question, but are otherwise unedited. If you believe that you submitted your credentials to a phishing site, change the passwords for all of your NYU credentials, and send an email to security@nyu.edu immediately.

Sample #1:

Dear User,

The following alert has been posted to your username@nyu.edu, Regarding an unauthorized access to your account:

*Confidential Alert*

We implore you to follow our secure <http://www.fakenyudomain.net/www.nyu.edu.html > to confirm your details to avoid account suspended from our system.

Thank you .

New York University Customer Service

Sample #2:

I’m sharing some documents with you through Google Docs. Keep me informed

on your thought and advice on our specification.

[image: Microsoft Excel (.xlsx)]

Download Document < http://fakenyudomain.com/doc/ >

View Document < http://fakenyudomain.com/doc/ >

Thank you,

NYU User