Please be aware that the following e-mail message, despite the mention of “shibboleth” within the body of the message, is a phishing attempt:
Please be reminded to inspect any email before replying, clicking any embedded links or opening any attachments. Specifically, with respect to email that is purporting to be from NYU or any secure source, please review the URL in the browser address bar, and make sure that the address is preceded by “https://” and a green lock symbol as follows:
The presence of “https://” in the address bar does not, in and of itself, denote that a source is secure. If the lock appears open or has a strike mark on it, or if there is a red strikethrough on “https” (as shown below), the source cannot be trusted.
Please also be reminded that if you have questions about the legitimacy of an e-mail message, do not reply to the message or click on any embedded links, or open any associated attachments. Instead, independently verify the message and content/attachments with the sender.
We recommend that you update your instance of Symantec Endpoint Protection. If you are a Mac user, you may do so via LiveUpdate as follows:
If you are a PC user, please update to SEP 12.1 RU6 MP5 by visiting https://home.nyu.edu/, clicking the Ask NYU IT button, and downloading Symantec Endpoint Protection (available on the Software section of the page). This update addresses buffer overflow and memory corruption findings in the AV Decomposer engine as well as a number of vulnerabilities resulting in users being able to leverage elevated privilege to access unauthorized files.
Those who are centrally managed may be updated automatically. If in doubt as to whether you are centrally managed, please contact your local IT Admin.
For more information, please see the following security advisories: SYM16-010 & SYM16-011.
As you may know, there have recently been many large breaches of major sites, including LinkedIn, tumblr, Snapchat, MySpace and others. These breaches have involved the compromise of user account credentials.
- To see a list of recently breached websites, please visit: https://haveibeenpwned.com/PwnedWebsites
- To check if you have an account that has been compromised, please visit: https://haveibeenpwned.com/
- To see a graphic of the biggest data breaches (you may filter by industry, and view by method of leak), please visit: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
We offer the following recommendations:
- Remain attentive to news reports of breaches, as there are often delays between the actual breach and the notification to users/account-holders.
- If you believe or discover that an account has been breached, change your password as soon as possible.
- Use unique passwords for each individual account. A general “rule of thumb” is that longer passwords (15+ characters) are stronger passwords. We further recommend that you use a Password Manager (such as Keeper, LastPass . . . etc.) to manage your passwords.
- Do not reuse passwords.
Recently, there have been reports that TeamViewer (software used for remote support, remote access, and online meetings) has been hacked. What is notable are claims that strong authentication, including the use of unique and long/complex passwords, was not a deterrent in these attacks. Impacted users report no detectable malware on their computers. However, there are claims that the hackers have attempted to access saved PayPal and bank sessions in order to purchase items online.
It is speculated that the majority of TeamViewer account breaches are related to username + password reuse between sites which have experienced breaches (LinkedIn, Tumblr, MySpace). These site breaches have occasioned the release of between 70 and 150 million stored accounts, making username + password combinations easily retrievable.
We recommend the following:
- TeamViewer users uninstall the program from devices. Windows RDP (Windows Remote Desktop Protocol), or SSH (Secure Shell) on any *nix computers, including Macs and Linux, can be used as alternatives to TeamViewer. Windows RDP instructions: http://windows.microsoft.com/en-us/windows-10/how-to-use-remote-desktop; Mac OSX remote desktop instructions: http://www.macworld.com/article/2839080/away-from-home-heres-how-to-access-your-mac-remotely.html; SSH for *nix instructions: https://www.digitalocean.com/community/tutorials/how-to-use-ssh-to-connect-to-a-remote-server-in-ubuntu
- If you re-use passwords between sites (LinkedIn, Tumblr . . . etc.), we recommend that you correct this security vulnerability as soon as possible, and create unique passwords for each service that you use. Please be reminded that you can use a password manager (LastPass, KeeperSecurity . . . etc.) to manage your passwords.
- If you believe you have been breached, make sure to regularly monitor all of your financial activity to detect possible fraudulent purchases and money transfers.
For more information, please see:
Please be advised of the following phishing message, purporting to come from the NYU Student Health Center. With respect to suspicious email, we recommend the following:
- Refrain from replying to the message.
- Do not click on any embedded links (e.g., CLICK HERE), elements, or open any attachments.
- If in doubt of the legitimacy of a message, you can always contact the sender independently using contact information in your possession or use website provided contact information.
- Forward suspect messages to firstname.lastname@example.org.
Additionally, when you hover over a clickable link, a URL may display. For more information on identifying suspicious URLs, please see: Security Education: Recognizing phishing scams and protecting yourself online.
The following is the login prompt that will appear if a user clicks on the CLICK HERE link embedded in the e-mail message. The screenshot that follows shows the URL that appears in the address bar when the forged login prompt displays:
Please be reminded that the way to determine whether a login prompt such as the one above is legitimate is to view the text in the address bar, which should show https://shibboleth.nyu.edu with the green lock symbol as shown.
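The address-bar check described above can also be applied to the links in a suspect message before anything is clicked. The following is an added example, not part of the original advisory: it extracts each link from an HTML e-mail body and reports why its target would fail the check. The sample message, its `.example` hosts and the `/idp` paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Login host named in the advisory; the sample e-mail below is constructed.
TRUSTED_LOGIN_HOST = "shibboleth.nyu.edu"

def check_login_url(url):
    """Return the reasons a URL fails the address-bar check (empty list = passes)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.username is not None:
        problems.append("text before '@' is not the host")
    host = (parts.hostname or "").rstrip(".")
    if host != TRUSTED_LOGIN_HOST:  # exact match: prefix or suffix matches are not enough
        problems.append(f"host is {host!r}, not {TRUSTED_LOGIN_HOST!r}")
    return problems

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email_links(html_body):
    """Return (visible text, href, problems) for each link in the message."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, href, check_login_url(href)) for text, href in collector.links]

# Constructed sample: two lookalike links and one genuine link.
SAMPLE_EMAIL = """
<p>Your record is ready. <a href="http://shibboleth.nyu.edu.login.example/idp">CLICK HERE</a></p>
<p>Or sign in at <a href="https://shibboleth.nyu.edu@portal.example/">https://shibboleth.nyu.edu</a></p>
<p><a href="https://shibboleth.nyu.edu/idp/profile">NYU Login</a></p>
"""

if __name__ == "__main__":
    for text, href, problems in audit_email_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {'OK' if not problems else '; '.join(problems)}")
```

Note that the second sample link displays the genuine address as its visible text while pointing elsewhere, which is why the check is made on the link target and not on what the message shows.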
If you entered your credentials at the prompt:
- Immediately reset your password. Please see Changing your NetID / NYUHome password for instructions.
- For NYU employees, please confirm your Direct Deposit information in PeopleSync (Workday).