As an update to our 10/25/19 and 4/8/19 blog posts on the phishing attempts by the hacking group known as “Silent Librarian”, please be advised of the following recent example of a phishing email in this campaign:
Please note the following indicators:
- The from line often appears as: “University Libraries”, with an external sender’s address
- Subject lines we’ve seen so far for emails in this campaign are:
  - Library Notification
  - Library Access Renewal Notification
If you receive this email or a similar email, please refrain from clicking on any embedded links, and report this to phishing@nyu.edu. The goal of these campaigns is usually to steal credentials, i.e., your NYU NetId and password. If you have clicked a link in a similar email, and have entered your credentials at a (spoofed) login prompt, please immediately change your password at start.nyu.edu.
Recommendations:
- Do not click embedded links or attachments in unexpected emails, even when they seemingly come from a trusted source.
- When in doubt, always contact the sender via a trusted means of communication, such as their NYU Directory phone number.
Please also note that NYU IT does not manage library access renewals. Additional phishing indicators in this message include: 1) a non-personalized greeting, “Dear Student”; 2) a nonexistent date of February 30th; 3) the following unclear statement: “For security reasons, please click the URL link below to update your library enrollment”; and 4) no signatory or sender contact details.
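The indicators above can be checked automatically when triaging reported mail. The following Python is an added example, not code from NYU IT; it covers the display name with an external sender, the two subject lines, the generic greeting, and the impossible date. `INTERNAL_DOMAIN`, the indicator names, and the sample message are assumptions constructed for illustration.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "nyu.edu"  # assumption: domain treated as internal
CAMPAIGN_SUBJECTS = {"library notification", "library access renewal notification"}
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
DATE_RE = re.compile(r"\b(%s)\s+(\d{1,2})(?:st|nd|rd|th)?\b" % "|".join(MONTHS), re.I)

def impossible_dates(text):
    """Return calendar dates in text that exist in no year, e.g. 'February 30th'."""
    hits = []
    for m in DATE_RE.finditer(text):
        try:
            # 2020 is a leap year, so February 29 is accepted
            date(2020, MONTHS.index(m.group(1).lower()) + 1, int(m.group(2)))
        except ValueError:
            hits.append(m.group(0))
    return hits

def indicators(raw_message):
    """Return the names of the advisory's indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))  # header From only; it can be forged
    domain = addr.rpartition("@")[2].lower()
    internal = domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN)
    body = "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/plain")
    found = []
    if name.strip().lower() == "university libraries" and not internal:
        found.append("library-display-name-external-sender")
    if msg.get("Subject", "").strip().lower() in CAMPAIGN_SUBJECTS:
        found.append("campaign-subject")
    if re.search(r"^\s*dear student\b", body, re.I | re.M):
        found.append("generic-greeting")
    if impossible_dates(body):
        found.append("impossible-date")
    return found

# Constructed sample message (not the real phishing email)
SAMPLE = ('From: "University Libraries" <notice@library-renewal.example>\n'
          "Subject: Library Access Renewal Notification\n\n"
          "Dear Student,\nYour library access expires on February 30th.\n")

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

A message matching several indicators at once is a stronger signal than any single match; a legitimate library notice can share a subject line or display name.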
Resource:
NYU IT Security News & Alerts, 2019 Phishing Recap, Resources & Reminders