Phishing is a "technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person." [Source]
If you receive an email that you believe to be a phishing attempt, please forward it to phishing@nyu.edu.
If you clicked on a link in an email that you believe to be a phishing attempt, you should change your login credentials at: start.nyu.edu, and be on the lookout for follow-up messages.
If you provided additional information in your reply to an e-mail that you believe to be a phishing attempt, e.g. banking or credit card details, you should contact your bank or lender.
For context:
Here's a real-world "spoofing" example (with names obscured):
Date: Thu, May 9, 2024 at 9:49 AM
Subject: Do you have time?
To: foo@nyu.edu <foo@nyu.edu>, foofoo@nyu.edu <foofoo@nyu.edu>
Can you handle a task for me now? Please let me know ASAP.
Best regards,
Prof. X
Note that the "From:" header says it's from Prof. X, but the e-mail address ("pr8814953@yandex.ru") is an external entity.
Remember: forwarding NYU email messages to another email account (e.g., @gmail.com or @msn.com), is done at your own risk, as the University cannot guarantee the proper handling of email by outside vendors or by departmental servers.
If you are using a non-NYU email address, please see the following to report phishing:
Google Mail (G-mail):
- On a computer, go to Gmail.
- Open the message.
- Next to Reply , click More .
- Click Report phishing.
Outlook:
In the message list, select the message or messages you want to report.
Above the reading pane, select Junk > Phishing > Report to report the message sender.