Phishing is a "technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person." [Source]


If you receive an email that you believe to be a phishing attempt, please forward it to phishing@nyu.edu.


If you clicked on a link in an email that you believe to be a phishing attempt, you should change your login credentials at: start.nyu.edu, and be on the lookout for follow-up messages.


If you provided additional information in your reply to an e-mail that you believe to be a phishing attempt, e.g. banking or credit card details, you should contact your bank or lender. 


For context:


Here's a real-world "spoofing" example (with names obscured): 


From: Prof. X <pr8814953@yandex.ru>
Date: Thu, May 9, 2024 at 9:49 AM
Subject: Do you have time?
To: foo@nyu.edu <foo@nyu.edu>, foofoo@nyu.edu <foofoo@nyu.edu>


Can you handle a task for me now? Please let me know ASAP.     

 

Best regards,

Prof. X


Note that the "From:" header says it's from Prof. X, but the e-mail address ("pr8814953@yandex.ru") is an external entity.  


Remember:  forwarding NYU email messages to another email account (e.g., @gmail.com or @msn.com), is done at your own risk, as the University cannot guarantee the proper handling of email by outside vendors or by departmental servers.


If you are using a non-NYU email address, please see the following to report phishing:


Google Mail (G-mail):

  1. On a computer, go to Gmail.
  2. Open the message.
  3. Next to Reply , click More More.
  4. Click Report phishing.


Outlook:

  • In the message list, select the message or messages you want to report.

  • Above the reading pane, select Junk > Phishing > Report to report the message sender.

                 

                    A screenshot of the Junk button in Outlook.com.