Please be advised of the following phishing message:
Please be reminded of the importance of hovering over each link in an email message and confirming where a link will direct you before clicking it. Although the first link in this message appears as: https://shibboleth.nyu.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=a14tjdxg5d4av4qfd9m4o1cf?execution=e1s1
and has known and familiar elements, it is spoofed. When you hover over the link (in the received message), what displays is: http://shibboleth.nyu.edue.in/idp/profile/SAML2/Redirect/Loginpage.php?
Please note that what you are looking for is https://shibboleth.nyu.edu and other variants indicate a malicious link.
If you received this message, and clicked the first embedded link, and entered your credentials at the spoofed login prompt, please take the following steps:
- Immediately reset your password. Please see Changing your NetID/NYUHome password for instructions.
- For NYU employees, please confirm your Direct Deposit information in PeopleSync (Workday).