Illegal Downloading/Copyright Infringement

Illegal downloading is a prominent type of copyright infringement. Do you know that some applications used for downloading actually turn your computer into a server, allowing it to be used for the distribution of copyrighted information?

Screenshot of NYU signage with the image of a ghost and the following title text "Don't Let Copyright Infringement Come Back to Haunt You" followed by "Illegal downloading is a copyright infringement and a violation of federal law. For more information see www.nyu.edu/it/illegal. The NYU Office of Information Security follows up with suspected infringers who download illegally using NYU-NET." The following link appears at the bottom of the sign "www.nyu.edu/it/security/awareness".

For information regarding the University’s stance on illegal downloading, please see A Note on Illegal Downloading.  For copyright infringement information, please see the following NYU KnowledgeBase article: Copyright Infringement FAQs.

Internet Denial of Service & NYU Box Availability

Please be advised that portions of the internet are currently under a denial of service attack, and may be unavailable. This includes at least NYU Box. Box and many other Internet services are working on controlling this attack and making their services available. To see which NYU services are impacted, and to monitor service status, please click here.

For more information on the attack and for a longer list of impacted sites, please see: http://gizmodo.com/this-is-probably-why-half-the-internet-shut-down-today-1788062835

Recent Phishing Message

Please be advised of the following phishing message:

Screenshot of an email dated 10/20/16 purporting to be from a sender at utoronto.ca with the following text "Hi Dear (name blocked out) I recently read your last article and it was very useful in my field of research. I wonder, if possible, to send me these articles to use in my current research: (two links follow). Thanks for your Cooperation in Advance." signed "Dr. Peter Landry, Toronto University, Department of Management, phone 905 569 5787z".

Please be reminded of the importance of hovering over each link in an email message and confirming where a link will direct you before clicking it. Although the first link in this message appears as: https://shibboleth.nyu.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=a14tjdxg5d4av4qfd9m4o1cf?execution=e1s1
and has known and familiar elements, it is spoofed. When you hover over the link (in the received message), what displays is: http://shibboleth.nyu.edue.in/idp/profile/SAML2/Redirect/Loginpage.php?
Please note that what you are looking for is https://shibboleth.nyu.edu, and that other variants indicate a malicious link.

If you received this message, and clicked the first embedded link, and entered your credentials at the spoofed login prompt, please take the following steps:

  • Immediately reset your password. Please see Changing your NetID/NYUHome password for instructions.
  • For NYU employees, please confirm your Direct Deposit information in PeopleSync (Workday).

The Rise of Ransomware

Ransomware is a growing threat on the information security landscape. These attacks target your devices and the data stored on them, as well as data on flash drives you may have mounted and on networks and cloud services to which you may be connected. For more information on ransomware and how you can protect yourself from this threat, please see:

Ransomware Scams: Don’t Let Them Lock You Out of Your Own Computer

Password Best Practices & Use of a Password Manager

Strong passwords and the use of a password manager to manage the many strong passwords you create are essential to keeping your data secure.  For more information on password best practices, and password manager FAQs and recommendations, please see:

Under Lock and Passphrase: Protecting and storing your passwords with a password manager

Forged e-mail purporting to be from NYU HR

Please be advised that the following email is forged. In this instance, one can discern the forgery by hovering over one of the login links contained in the message. When this is done (from the received message), the following text displays:
<https://www.cognitoforms.com/Shibbolethnyuedu/NYULogin>

Although you see Shibboleth and nyuedu in the link, please be reminded that you should look for https://www.shibboleth.nyu.edu/

Please also be advised that the company hosting this particular link has been contacted, and the link has been taken down.

Screenshot of email purporting to be from NYU HR, Sabrina Ellis, mentioning the Yahoo breach and suggesting that account holders login to their Yahoo accounts via an embedded link to ensure their accounts have not been breached and view the recorded time of their last login.
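
The hover check described in this notice and in the "Recent Phishing Message" notice can be automated for an HTML message body. The following is an added example, not part of the original posts or of any NYU tooling; the function names and the sample message are constructed, and the trusted host list assumes only the login hosts the posts name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Login hosts the posts tell readers to look for; assumed to be the only trusted ones.
TRUSTED_HOSTS = {"shibboleth.nyu.edu", "www.shibboleth.nyu.edu"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for each <a> element of an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' when there is none."""
    return (urlsplit(url.strip()).hostname or "").lower().rstrip(".")

def classify(text, href):
    """Return 'trusted', 'mismatch', 'lookalike' or 'other' for one link."""
    target = host_of(href)
    # Exact host comparison: a trusted name as a prefix or in the path does not count.
    if urlsplit(href.strip()).scheme == "https" and target in TRUSTED_HOSTS:
        return "trusted"
    if "://" in text and host_of(text) != target:
        return "mismatch"   # text displays one host, the href goes to another
    squashed = href.lower().replace(".", "")
    if any(h.replace(".", "") in squashed for h in TRUSTED_HOSTS):
        return "lookalike"  # trusted name embedded in another host or in the path
    return "other"

def audit(html_body):
    """Classify every link in the body; returns [(verdict, real target host), ...]."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    return [(classify(t, h), host_of(h)) for t, h in parser.links]

# Constructed mail body; the two suspicious targets are the ones quoted in the posts.
SAMPLE = """<p><a href="http://shibboleth.nyu.edue.in/idp/profile/SAML2/Redirect/Loginpage.php?">https://shibboleth.nyu.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=a14tjdxg5d4av4qfd9m4o1cf?execution=e1s1</a>
<a href="https://www.cognitoforms.com/Shibbolethnyuedu/NYULogin">Login</a>
<a href="https://shibboleth.nyu.edu/idp/">NYU Login</a></p>"""
```

Calling `audit(SAMPLE)` flags the first link as a mismatch and the second as a lookalike. The exact host comparison is the authoritative check; the lookalike test is only a heuristic for naming why a link was rejected.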

Targeted Attacks via Social Engineering

Two steps that you can take to avoid targeted attacks by social engineers are:

  1. Limit the information you share on social media sites. Information shared on these sites can be used to target you, your place of employment, or people that you know. For example, a targeted phishing attempt, a/k/a spear phishing, may be designed to target you or someone that you know, as a result of information gleaned from social media.
  2. Use your phishing detection skills and knowledge to examine e-mail received and avoid phishing scams. To view an NYU Knowledge Base resource on detecting phishing messages, please click here.

Social engineering schemes may occur via:

  • Phishing attempts
  • Telephone calls (a/k/a “vishing”)
  • In-person visits

For more information on targeted attacks, please view the following SANS video of the month which will be available for viewing throughout the month of October.

For more information on social engineering and how you can protect yourself, please click here. Please report suspected social engineering scams to security@nyu.edu.

October is National Cyber Security Awareness Month!

Did you know? October is National Cyber Security Awareness Month (NCSAM)! The goal of NCSAM is to promote awareness of the information security risks and threats we face daily. The themes we’ve chosen for the month are ransomware and passwords. Please visit our Security Awareness page for more information and links to resources.

What can you do to improve your individual information security posture? Learn essential security tips, and access related information security resources by taking the Individual Technology Security Tech Savvy elearning module! This module is available to faculty and administrators on iLearn.

NYU’s Office of Information Security is here throughout the month (and beyond) to provide you with the latest tips and tutorials on how to protect yourself and your information online.