Please be aware of the following spear phishing (targeted) phishing email, which was purportedly sent from a staff member in NYU Abu Dhabi to a faculty member at another University. This very credible looking phish attempts to trick the recipient with the promise of an unusually large honorarium coupled with a request for banking details for payment of the honorarium. Please note that another phishing indicator is that the email appears to originate from an outlook.com domain (vs. nyu.edu). Initially, the recipient replied to the message and requested that it be resent from the sender’s NYU email account. The scammer was able to oblige by changing the display name to make it look as if it was coming from the sender’s NYU Gmail account. In this instance, the recipient remained skeptical, and confirmed the message was a phish by sending an email (outside of this exchange) to confirm.
Please be reminded:
- If an offer sounds too good to be true, it likely is.
- Be skeptical of all requests for sensitive information, and remember to never send sensitive information via email.
- Viewing the sender’s display name is one way to help evaluate if a message is phishing, but remember that the sender’s display name can be forged or the name/address may be altered slightly (e.g., john.doe@nyu-edu.com vs. john.doe@nyu.edu)
- When in doubt, always confirm the legitimacy of a message received by contacting the sender using a trusted means of communication.
- View NYU’s Safe Computing website for more tips on phishing.