Please be advised of the following phishing message purporting to originate from NYU.
Phishing Indicators:
- When an email asks you to take an action, such as clicking on a link or opening an attachment, evaluate the message carefully and ask yourself if you were expecting to receive it, and if not, whether you’re able to confirm the legitimacy of the communication you’ve received via a trusted means of communication.
- Although the message contains some familiar elements, such as the use of “nyu” in the sender’s address <noreply@nyu.edu> and the use of “New York University” as a signature, notice the “generic” nature of this communication, which includes a greeting of “Dear Employee”, and the message contains no specifics about the message waiting for you in the employee portal, and no department or unit name, or sender information. In this case you’re unable to confirm message legitimacy.
If the embedded link in this message is clicked, it will take you to a spoofed prompt. It’s always recommended that you inspect the URL in your browser’s address bar whenever you visit a site via a link to confirm that you have arrived at your desired destination vs. a spoofed site or prompt.
When viewing the legitimate NYU login prompt, you can expect to see a URL beginning with “https://shibboleth.nyu.edu/” or the following in your browser’s address bar:
