Phishing Attempt Purporting to be From the NYU Library

Leila Sharma

Please be aware that the following e-mail message, despite the mention of “shibboleth” within the body of the message is a phishing attempt:

Screenshot of email with the following message "Dear User, Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account." The message provides a link to a login page and is signed "Best regards, New York University library ITS Project Services" with an email of "library@nyu.edu".

Please be reminded to inspect any email before replying, clicking any embedded links or opening any attachments. Specifically, with respect to email that is purporting to be from NYU or any secure source, please review the URL in the browser address bar, and make sure that the address is preceded by “https://” and a green lock symbol as follows:

Screenshot showing a locked green padlock followed by "https://"

The presence of “https://:” in the address bar does not, in and of itself, denote that a source is secure. If the lock appears open or has a strike mark on it, or if there is a red strikethrough on “https” (as shown below), the source cannot be trusted.

Screenshot showing a locked padlock with a red X over it folloed by "https://" with a red strike mark through the "https".

Please also be reminded that if you have questions about the legitimacy of an e-mail message, do not reply to the message or click on any embedded links, or open any associated attachments. Instead, independently verify the message and content/attachments with the sender.