NYU IT Security Alert: “Salary Adjustment Acknowledgement” Phishing Message

NYU is being targeted by a phishing message with the subject line “Salary Adjustment Acknowledgement” that includes a PDF attachment. 

Do not respond to this phishing attempt (not sure what “phishing” is? See the Glossary below). Do not click any link, fill in any personal account info, reply to the email, or open the PDF. Doing so may put your accounts, identity, and NYU at risk.

If you did respond, change your NetID password immediately and see below for more information.


What if I clicked something?

  • If you went to the website linked from the PDF and entered your username and password, change your NetID password immediately and email security@nyu.edu as soon as possible so they can assess the risk and assist in mitigating any potential damage.
  • If you attempted to open the PDF in this phishing email or replied to the email but didn’t provide your NetID and password, change your NetID password immediately as a precaution.
  • If you receive additional requests for personal information, do not respond.

Reporting phishing

  • NYU IT is aware of this ongoing cyberattack and is taking steps to block further messages. 
  • It’s always helpful for people to report such messages by forwarding them to phishing@nyu.edu and then deleting them. Doing so helps NYU IT assess the scale of an ongoing phishing attack.

How do I report phishing attempts?

  1. Without opening the message, you can right-click, command-click, or control-click (depending on your device or computer type) to view a menu. Select Forward.
  2. In the To: field, enter phishing@nyu.edu and then send.
  3. Delete the message.
[Image: contextual menu in Gmail showing the “Forward” option]

What gives this one away?

There are several elements that make this message identifiable as a phishing attempt. Like many phishing messages, it attempts to create a sense of urgency by focusing on something financial and instructing you to provide personal information in a non-standard way. Some of the things that give this one away include:

  1. Suspicious “From” field: there’s no situation in which an email about your salary would be sent via a third party such as “ugftv”.
  2. Unusual typeface: if you’re reading this message on a screen, did you notice the non-standard letter “a” in the subject line and body of the message? This is not something you will see in official NYU communications.
  3. Awkward and grammatically incorrect text: there are several indicators throughout the message, including referring to NYU as “The New York University,” the non-standard decimal point in the number, the confusing wording about a “salary increment letter,” the misspelling of “look” as “lok,” and the use of green type.
  4. Request that the recipient download and fill out a PDF instead of logging into PeopleSync, the most common way for NYU employees to manage their personal and financial information. The PDF may also be tagged with a warning from Gmail. Attempting to trick you into downloading and opening a file is a common way for scammers to gain access to your information and can even result in ransomware that locks you (and potentially many others) out of essential services, accounts, and equipment.
An example of the messaging. Red circles highlight the indicators that this is a phishing message.
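
Indicators 1, 2 and 4 above (third-party sender, lookalike letters, PDF attachment) can also be checked mechanically by a mail administrator. The Python below is an added example, not NYU IT tooling or part of the original alert. The sender address, the Cyrillic “а” (U+0430) standing in for the non-standard letter, the `ORG_DOMAIN` value and all function names are assumptions made for illustration.

```python
import unicodedata
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "nyu.edu"  # assumption: domain that official salary mail comes from

def mixed_script_words(text):
    """Return words whose letters come from more than one Unicode script."""
    hits = []
    for word in text.split():
        # The first token of a character name is its script, e.g. LATIN, CYRILLIC.
        scripts = {unicodedata.name(ch, "?").split()[0] for ch in word if ch.isalpha()}
        if len(scripts) > 1:
            hits.append(word)
    return hits

def phishing_indicators(msg):
    """Check a parsed message for three of the indicators listed above."""
    found = []
    _, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    if domain != ORG_DOMAIN and not domain.endswith("." + ORG_DOMAIN):
        found.append("external-sender:" + domain)
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg["Subject"]) + " " + (body.get_content() if body else "")
    if mixed_script_words(text):
        found.append("lookalike-letters")
    if any(p.get_content_type() == "application/pdf" for p in msg.iter_attachments()):
        found.append("pdf-attachment")
    return found

def build_sample():
    """Constructed stand-in for the message; the sender address and the
    Cyrillic 'a' (U+0430) are assumptions, not values from the real email."""
    msg = EmailMessage()
    msg["From"] = "ugftv <notice@mailer.example>"
    msg["Subject"] = "S\u0430l\u0430ry Adjustment Acknowledgement"
    msg.set_content("Please lok at the \u0430ttached salary increment letter.")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="letter.pdf")
    return msg

if __name__ == "__main__":
    print(phishing_indicators(build_sample()))
```

A mixed-script word is only a signal to review: legitimate multilingual mail can trigger it, so treat a single hit as a reason to look at the message rather than as a verdict.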

Glossary

Phishing

Phishing is a type of message that attempts to trick you into revealing personal or sensitive information, and/or to install malware on your device (such as a computer, tablet, or phone). These messages can be delivered by email, phone call, text, DM, or other means.

Read more about identifying and reporting phishing and other cyberattacks.