Illegal downloading is prominent type of copyright infringement. Do you know that some applications used for downloading actually turn your computer into a server, allowing it to be used for the distribution of copyrighted information?
For information regarding the University’s stance on illegal downloading, please see A Note on Illegal Downloading. For copyright infringement information, please see the following NYU KnowledgeBase article: Copyright Infringement FAQs.
Please be advised that portions of the internet are currently under a denial of service attack, and may be unavailable. This includes at least NYU Box. Box and many other Internet services are working on controlling this attack and making their services available. To see which NYU services are impacted, and to monitor service status, please click here.
For more information on the attack and for a longer list of impacted sites, please see: http://gizmodo.com/this-is-probably-why-half-the-internet-shut-down-today-1788062835
Please be advised of the following phishing message:
Please be reminded of the importance of hovering over each link in an email message and confirming where a link will direct you before clicking it. Although the first link in this message appears as: https://shibboleth.nyu.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=a14tjdxg5d4av4qfd9m4o1cf?execution=e1s1
and has known and familiar elements, it is spoofed. When you hover over the link (in the received message), what displays is: http://shibboleth.nyu.edue.in/idp/profile/SAML2/Redirect/Loginpage.php?
Please note that what you are looking for is https://shibboleth.nyu.edu and other variants indicate a malicious link.
If you received this message, and clicked the first embedded link, and entered your credentials at the spoofed login prompt, please take the following steps:
- Immediately reset your password. Please see Changing your NetID/NYUHome password for instructions.
- For NYU employees, please confirm your Direct Deposit information in PeopleSync (Workday).
Ransomware is a growing threat on the information security landscape. These attacks target your devices and the data stored thereon, as well as the data on flash drives which you may have mounted and networks and cloud services to which you may be connected. For more information on ransomware and how you can protect yourself from this threat, please see:
Ransomware Scams: Don’t Let Them Lock You Out of Your Own Computer
Strong passwords and the use of a password manager to manage the many strong passwords you create are essential to keeping your data secure. For more information on password best practices, and password manager FAQs and recommendations, please see:
Under Lock and Passphrase: Protecting and storing your passwords with a password manager
Please be advised that the following email is forged. In this instance, one is able to discern the forgery is by hovering over one of the login links contained in the message. When this is done (from the received message), the following text displays:
Although you see Shibboleth and nyuedu in the link, please be reminded that you should look for https://www.shibboleth.nyu.edu/
Please also be advised that the company hosting this particular link has been contacted, and the link has been taken down.
Two steps that you can take to avoid targeted attacks by social engineers are:
- Limit the information you share on social media sites. Information shared on these sites can be used to target you, your place of employment, or people that you know. For example, a targeted phishing attempt, a/k/a spear phishing, may be designed to target you or someone that you know, as a result of information gleaned from social media.
- Use your phishing detection skills and knowledge to examine e-mail received and avoid phishing scams. To view a NYU Knowledge Base resource on detecting phishing messages, please click here.
Social engineering schemes may occur via:
- Phishing attempts
- Telephone calls (a/k/a “vishing”)
- In-person visits
For more information on targeted attacks, please view the following SANS video of the month which will be available for viewing throughout the month of October.
For more information on social engineering and how you can protect yourself, please click here. Please report suspected social engineering scams to firstname.lastname@example.org.
Did you know? October is National Cyber Security Awareness Month (NCSAM)! The goal of NCSAM is to promote awareness of the information security risks and threats we face daily. The themes we’ve chosen for the month are ransomware, and passwords. Please visit our Security Awareness page for more information, and links to resources.
What can you do to improve your individual information security posture? Learn essential security tips, and access related information security resources by taking the Individual Technology Security Tech Savvy elearning module! This module is available to faculty and administrators on iLearn.
NYU’s Office of information Security is here throughout the month (and beyond) to provide you with the latest tips and tutorials on how to protect yourself and your information online.