The FTC has issued an alert about a phishing email message targeting students, which purports to come from the University Office of Financial Aid. These messages attempt to trick students into clicking an embedded malicious link related to a COVID-19 stimulus payment. The goal of this phishing campaign appears to be credential theft as the link, once clicked, will require a university login. Please note however, that simply clicking a malicious link may trigger the installation of malware.
Best Practice & Reminders:
- Never click on embedded links or open attachments in messages you were not expecting to receive.
- Remember that both email addresses and phone numbers can be spoofed, so messages/calls may appear to be legitimate when they’re not.
- Never provide sensitive information over email or to a caller.
- When in doubt, confirm the legitimacy of a message by phoning the sender at a trusted phone number, such as their NYU Directory phone number.
- If you believe your NYU NetId password has been compromised, reset it immediately at start.nyu.edu.
- You can report suspicious messages to phishing@nyu.edu.