
Phishing Attempt Purporting to be From the NYU Library

Please be aware that the following e-mail message, despite the mention of “shibboleth” within the body of the message, is a phishing attempt:

Screenshot of email with the following message "Dear User, Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account." The message provides a link to a login page and is signed "Best regards, New York University library ITS Project Services" with an email of "library@nyu.edu".

Please be reminded to inspect any email before replying, clicking any embedded links or opening any attachments. Specifically, with respect to email that is purporting to be from NYU or any secure source, please review the URL in the browser address bar, and make sure that the address is preceded by “https://” and a green lock symbol as follows:

Screenshot showing a locked green padlock followed by "https://"

The presence of “https://” in the address bar does not, in and of itself, denote that a source is secure. If the lock appears open or has a strike mark on it, or if there is a red strikethrough on “https” (as shown below), the source cannot be trusted.

Screenshot showing a locked padlock with a red X over it followed by "https://" with a red strike mark through the "https".

Please also be reminded that if you have questions about the legitimacy of an e-mail message, do not reply to the message or click on any embedded links, or open any associated attachments. Instead, independently verify the message and content/attachments with the sender.

Symantec Anti-Virus Engine Vulnerability

We recommend that you update your instance of Symantec Endpoint Protection. If you are a Mac user, you may do so via LiveUpdate as follows:

Screenshot showing LiveUpdate being opened from an icon on the Menu Bar. Hovering over LiveUpdate presents the Open LiveUpdate option. This option can be clicked to open LiveUpdate.

If you are a PC user, please update to SEP 12.1 RU6 MP5 by visiting https://home.nyu.edu/, clicking the Ask NYU IT button, and downloading Symantec Endpoint Protection (available in the Software section of the page). This update addresses buffer overflow and memory corruption findings in the AV Decomposer engine, as well as a number of vulnerabilities that allow users to leverage elevated privilege to access unauthorized files.

Those who are centrally managed may be updated automatically. If in doubt as to whether you are centrally managed, please contact your local IT Admin.

For more information, please see the following security advisories: SYM16-010 & SYM16-011.

Recent Large Breaches

As you may know, there have recently been many large breaches of major sites, including LinkedIn, Tumblr, Snapchat, MySpace and others. These breaches have involved the compromise of user account credentials.

To see a list of recently breached websites, please visit: https://haveibeenpwned.com/PwnedWebsites. To check if you have an account that has been compromised, please visit: https://haveibeenpwned.com/. Additionally, to see a graphic of the biggest data breaches (you may filter by industry, and view by method of leak), please visit: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

We offer the following recommendations:

  • Remain attentive to news reports of breaches, as there are often delays between the actual breach and the notification to users/account-holders.
  • If you believe or discover that an account has been breached, change your password as soon as possible.
  • Use unique passwords for each individual account. A general “rule of thumb” is that longer passwords (15+ characters) are stronger passwords. We further recommend that you use a Password Manager (such as Keeper, LastPass, etc.) to manage your passwords.
  • Do not reuse passwords.

 

TeamViewer Security Breaches

Recently, there have been reports that TeamViewer (software used for remote support, remote access, and online meetings) has been hacked. What is notable are claims that the use of strong authentication, which includes the use of unique and long/complex passwords, was not a deterrent in these attacks. Impacted users report no detectable malware on their computers. However, there are claims that the hackers have attempted to access saved PayPal & bank sessions in order to purchase items online.

It is speculated that the majority of TeamViewer account breaches are related to username + password reuse between sites which have experienced breaches (LinkedIn, Tumblr, MySpace). These site breaches have occasioned the release of between 70 and 150 million stored accounts, making username + password combinations easily retrievable.

We recommend the following:

  1. TeamViewer users uninstall the program from devices. Windows RDP (Windows Remote Desktop Protocol), or SSH (Secure Shell) on any *nix computers, including Macs and Linux, can be used as alternatives to TeamViewer. Windows RDP instructions: http://windows.microsoft.com/en-us/windows-10/how-to-use-remote-desktop; Mac OSX remote desktop instructions: http://www.macworld.com/article/2839080/away-from-home-heres-how-to-access-your-mac-remotely.html; SSH for *nix instructions: https://www.digitalocean.com/community/tutorials/how-to-use-ssh-to-connect-to-a-remote-server-in-ubuntu
  2. If you re-use passwords between sites (LinkedIn, Tumblr, etc.), we recommend that you correct this security vulnerability as soon as possible, and create unique passwords for each service that you use. Please be reminded that you can use a password manager (LastPass, KeeperSecurity, etc.) to manage your passwords.
  3. If you believe you have been breached, make sure to regularly monitor all of your financial activity to detect possible fraudulent purchases and money transfers.

For more information, please see:

 

Recent Phishing Message (NYU Student Health Center)

Please be advised of the following phishing message, purporting to come from the NYU Student Health Center. With respect to suspicious email, we recommend the following:

  • Refrain from replying to the message.
  • Do not click on any embedded links (e.g., CLICK HERE), elements, or open any attachments.
  • If in doubt about the legitimacy of a message, you can always contact the sender independently, using contact information already in your possession or contact information provided on the sender's website.
  • Forward suspect messages to phishing@nyu.edu.

Additionally, when you hover over a clickable link, a URL may display. For more information on identifying suspicious URLs, please see: Security Education: Recognizing phishing scams and protecting yourself online.

 

Screenshot showing phishing message dated 5/31/16 stating "You have an important secure message from the Student Health Center. Please CLICK HERE to view the message." Signed "New York University".

The following is the login prompt that will appear if a user clicks on the CLICK HERE link embedded in the e-mail message. The screenshot that follows shows the URL that appears in the address bar when the forged login prompt displays:

Screenshot showing spoofed NYU login prompt

Screenshot showing the text in the browser address bar when the spoofed login prompt displays "tinyurl.com/gmdydke"

Please be reminded that the way to determine whether a login prompt such as the one above is legitimate is to view the text in the address bar, which should go to https://shibboleth.nyu.edu with the green lock symbol as shown.

Screenshot showing a locked green padlock followed by "https://shibboleth.nyu.edu/"
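The address-bar check described above, written out as an added example (it is not NYU tooling or part of the original advisory): it compares the parsed hostname, not the visible text, against https://shibboleth.nyu.edu, so a link that merely contains that name does not pass. The function name, the verdict labels and the `login.example` sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_LOGIN_HOST = "shibboleth.nyu.edu"  # legitimate login host named in the advisory
SHORTENER_HOSTS = {"tinyurl.com"}          # shortener seen in the advisory; extend locally

def check_login_url(url):
    """Return (verdict, reason) for a URL taken from the address bar or a link."""
    text = url.strip()
    if "://" not in text:
        # No scheme visible, so HTTPS cannot be confirmed; parse as plain http.
        text = "http://" + text
    try:
        parts = urlsplit(text)
        # .hostname drops any "user@" prefix and port and is lower-cased.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("untrusted", "URL could not be parsed")
    if host in SHORTENER_HOSTS:
        return ("shortener", "link shortener hides the real destination")
    if host == TRUSTED_LOGIN_HOST:
        if parts.scheme == "https":
            return ("trusted", "HTTPS on the expected login host")
        return ("insecure", "expected host, but HTTPS is not confirmed")
    if TRUSTED_LOGIN_HOST in text.lower():
        # The trusted name appears in the URL, but it is not the host that
        # will be contacted (subdomain prefix or "user@" trick).
        return ("lookalike", "trusted name used as bait; real host is " + host)
    return ("untrusted", "host is " + (host or "missing"))

# Sample inputs: the first two come from the advisory, the rest are constructed.
SAMPLES = [
    "https://shibboleth.nyu.edu/",
    "tinyurl.com/gmdydke",
    "http://shibboleth.nyu.edu/",
    "https://shibboleth.nyu.edu.login.example/idp",
    "https://shibboleth.nyu.edu@login.example/idp",
    "https://login.example/nyu",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = check_login_url(sample)
        print(f"{verdict:10} {sample}  ({reason})")
```

Only the first sample is reported as trusted; a passing result confirms the hostname and scheme only, and the browser's certificate warning still has to be heeded.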

If you entered your credentials at the prompt:

  • Immediately reset your password. Please see Changing your NetID / NYUHome password for instructions.
  • For NYU employees, please confirm your Direct Deposit information in PeopleSync (Workday).