
Phishing, Viruses, and Malware

Ransomware

If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the Internet (turn off wifi and/or unplug the wall connection) and unplug any external drives to avoid additional infections or data loss. Report the incident to the Gallatin Helpdesk at 212-998-9157 right away!


Proactive steps to protect against ransomware include the following:

  • Always use antivirus software and a firewall. NYU IT provides client security software (anti-virus and firewall in one) free of charge to NYU faculty, staff, students, and researchers with a valid netID: https://www-nyu-edu.ezproxy.its.nyu.edu/its/protected/
  • Keep software up to date. Our Windows computers are set to automatically update and our Macs inform us each time updates are available for installation. If other programs on your computer alert you that they need to be updated please contact the Gallatin Helpdesk at gallatin.helpdesk@nyu.edu or 212-998-9157 and we will be happy to assist you.
  • Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it's best to prevent them from appearing in the first place.
    Safari - https://support.apple.com/en-us/HT203987
    Internet Explorer - https://support.microsoft.com/en-us/help/17479/windows-internet-explorer-11-change-security-privacy-settings
    Google Chrome - https://support.google.com/chrome/answer/95472?hl=en
    Mozilla Firefox - https://support.mozilla.org/en-US/kb/pop-blocker-settings-exceptions-troubleshooting
  • Always back up your documents. You can back up files to the cloud (Google Drive or NYU Box) or to an external drive. If you back up, verify, and maintain offline copies of your personal and application data, Ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files. For assistance with backups please contact the Gallatin Helpdesk at gallatin.helpdesk@nyu.edu or 212-998-9157.
  • Exercise caution. Don’t click on links inside emails, and avoid suspicious websites. If your computer does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or decryption program.

For additional information about ransomware provided by the NYU Office of Information Security please visit https://wp.nyu.edu/connect/2016/09/22/ransomware-scams/

Thank you to Esther Silver from the UCSF Security Team for permission to modify and publish this content.

 

Phishing

The examples below are messages received by the Gallatin community. They are all phishing schemes designed to steal your personal or professional information. If you receive a message like these, please do not correspond with the sender or click on the links it contains. Always check with Stefanie, Conrad, or Nick if you receive a suspicious message: gallatin.helpdesk@nyu.edu or 212-998-9157.

 


---------- Forwarded message ----------

From: Smith, Jackson <jacksmi@siue.edu>

Date: Tue, Nov 14, 2017 at 3:25 PM

Subject: Important Update

To: "Smith, Jackson" <jacksmi@siue.edu>



Hello,

Please view the document below for your Perusal.

Click here to view document.

Regards,

Jackson Smith.


---------- Forwarded message ----------

From: NYU IT Support
Date: Thu, Feb 2, 2017 at 2:21 PM
Subject: Un-Authorized Sign-in Attempt!!!
To: info@nyu.edu

 


Your NYU Email account has been temporally suspended, this means you will not be able to send and receive new messages. We have detected an UN-AUTHORIZED Sign-in attempt to your NYU Email account,
To Re-Validate your NYU Email you are required to follow this [removed link] and Confirm your NYU Email Account..
Best Regards
NYU IT Support Team
----------------------------------------
Copyright © New York University. All rights reserved

 

 

 

From: Howard Feinberg
Sent: Monday, December 19, 2016 1:57 AM
To: Howard Feinberg
Subject: IT Services (ITSM)

TO ALL

Your Password Expires in 2hour(s) We currently upgraded our Server to 50GB inbox space below via the ACCOUNT MANAGEMENT PAGE.

Click on Outlook Web Access

If your Web-mail Server is not upgraded in the next 2hour(s) Your next log-in Access will be declined.

Any difficulties, quotas contact the IT Help desk.
Copyright (c)2016 ITS Help Desk

 

From: New York University [mailto:mb161@nyu.edu]
Sent: Tuesday, December 13, 2016 2:19 PM
Subject: Warning Alert From NYU dont Ignore
 
Warning Alert From NYU dont Ignore

We are having problem in our webmail New York University servers and we are deleting or unused and abandoned webmail accounts.Are you still using your webmail? Please click the link below and fill the information correctly to secure your webmail account and your webmail will be protected.All users who fail to follow this process will have their webmail suspended from our webmail server within 24hours days of receiving this email.Click Below Link

[link removed]

Thanks for your co-operation

Sincerely,

Technical Team
New York University

 

From: "ijhssi.office IOSR" <ijhssi.office@mail2inv.com>
Date: November 30, 2016 at 6:42:18 AM EST
To: [removed]
Subject: IJHSSI Journals : Call For Paper

International Journal of Humanities and Social Science Invention



Call for Papers (November 2016 Issue)
Dear Author/Researcher
                                  IJHSSI is peer reviewed International Journal which publishes paper online as well as print version. IJHSSI is indexed in major indexing like EBSCO HOST, CABELL’s library, ULRICH web, Jour Info etc.
ISSN (Online version): 2319 – 7722
ISSN (print): 2319 – 7714
Subject Category: Humanities and Social Science.
IJHSSI follows the rapid publication process.
   
Important dates are as follows:
Last Date for paper Submission: 10 December 2016.

Publication Date:  20 December 2016.
 
Hard copy will be dispatch within 7 days after online publication.
Please submit your paper through [link to phishing site removed]
 
Website: [link to legitimate journal site removed]
With warm regards
Editor-In-Chief
IJHSSI

 

From: "\"library\"" <library@nyu.edu>
Date: November 29, 2016 at 10:14:57 AM EST
To:
Subject: Library

Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!
To reactivate your account, simply visit the following page and login with your library account.

Login Page:

[link removed]


Best regards,



New York University
library
ITS Project Services
Phone: 1-212-988-3333
Email: library@nyu.edu

 

---------- Forwarded message ----------
From: Micheal Tappo <cnn.michealtappo@gmail.com>
Date: Wed, Nov 23, 2016 at 2:38 PM
Subject: safe arrangement
To: [removed]




--
Hello,
My Name is Micheal Tappo from USA,press  director on war and conflict in Syria.I have concluded arrangement with a Bank in Germany on how to transfer the ($7.5 MILLION DOLLARS) to your local account in your country without any international violation of financial laws.

Regards
Mr Micheal Tappo

 

---------- Forwarded message ----------
From: [removed]
Date: Sat, Oct 29, 2016 at 5:13 PM
Subject: Hello! Friend
To:

You have a pending incoming docs shared with you via Google docs
Click to open: Secure Message

Google Docs makes it easy to create, store and share online documents, spreadsheets and presentations.
Logo for Google Docs
[removed]

---------- Forwarded message ----------
From: NYU Admin
Date: Tue, Oct 25, 2016 at 6:56 AM
Subject: Important Message
To:

You have an important secure message from the Health Center. Please CLICK HERE to view the message.

Regards

Admin

 

---------- Forwarded message ----------
From: Peter Landry <peter.landry@uturonto.ca>
Date: Thu, Oct 20, 2016 at 1:14 PM
Subject: Re:
To: [removed]

Hi
                                   
Dear [removed];
 
I recently read your last article and it was very useful in my field of research.
I wonder, if possible, to send me these articles to use in my current research:
 
1- https://shibboleth.nyu.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=a14tjdxg5d4av4qfd9m4o1cf?execution=e1s1
                                                
2- http://www.sciencedirect.com/science/article/pii/S1007570416302532
           
Thanks for you Cooperation in Advance.
 
Dr. Peter Landry
Toronto University
Department of Management
phone: [removed]

---------- Forwarded message ----------
From: "New York University" <[removed]>
Date: Sep 30, 2016 6:04 PM
Subject: Warning notification
To:
Cc:

Warning notification

This message is from New York University  Webmail Service You have exceeded the limit of your New York University  Webmail Email Service  mailbox set by your web service and you will be having problems in sending and receiving mails, you may lose all your information's when your account is disabled. To prevent this Please Click the Link Below and login your account To Validate Your MailboxAnd Increase Your Mailbox Quota.

[link removed]

Warm Regards,
(ITS HELP DESK)

---------- Forwarded message ----------
From: Library <library@med.nyu.edu>
Date: Fri, Jul 22, 2016 at 8:32 AM
Subject: Renew Warning ( [name removed] )
To: [address removed]


Dear  [name removed] ,

If your library account has expired, you will be unable to access the libraries' databases from off campus, check out material, or renew material. If you still need library access because you are working on your dissertation, or for another academic purpose.

To avoid invalidation of the account, simply visit the following page and login here.After login, your account will be enabled immediately.

[link removed]


© 547 La Guardia Place
New York, NY 10012
212.998.1010

---------- Forwarded message ----------
From: Francois Bernard <francois.bernard924@gmail.com>
Date: Fri, Jul 15, 2016 at 2:45 PM
Subject: Re: Hello [Professor]
To:

Please, I am from Mississippi but work and reside here in Paris, France. My late father was formal US Ambassador to France hence we were born. I attended American College, Brisbane and subsequently Queensland University Australia where I studied Banking and Finance hence I am very conversant both in English and French Language. At the moment I am the Accounting & Finance Director, BNP Paribas Bank here in France. As you ought to know, certain offices in various organization especially banks are fraught with huge rewards for those who sit upon certain chairs and oversee certain portfolios, and this brought about the reason for this message. I just uncovered a certain dormant account belonging to a late doctor sequel to the information in his file, this portfolio worth 11million euros which has been abandoned for years and now the bank want to revert the funds back into its treasury as abandoned or unclaimed monies,  I, being an American will not allow a French Bank to seat on this money. I need your audience so that we can discuss what to do about this wealth and how to acquire and split it.
 
Yours Sincerely,  
Francois BERNARD  
Director of Large Corporate Market/Accounting & Finance  
Investment/Private Banking Department
BNP PARIBAS Paris France
1 Rue de la Grande Chaumière
117 Boulevard du Montparnasse de Rennes
75. Paris 75006 France
Customer Quality Service Direct Lines  
Subsidiary: (33) 75 31 54 7 73  / 08 20 82 00 01
Facsimile: (33) 820 82 00 02
Email: francois.bernard1996@gmail.com
Email: info@bnpparibas.com
Website: www.bnpparibas.com

From: "NYU ADMIN CENTER" <christine@mris.com>
Subject: NYU INFORMATION
Date: June 20, 2016 at 11:47:37 AM EDT
To: undisclosed-recipients:;

SEE ATTACHED
NYU ADMINISTRATOR

Attachment:

 

From: "NYU Support Team <webmaster-support@nyu.edu>" <[removed]>
Subject: ALERT: RESTORE YOUR MAILBOX
Date: June 16, 2016 at 12:45:49 AM EDT
To: undisclosed-recipients:;
You have reached the storage limit of your Mailbox CLICK-HERE and login to restore your Mailbox now.

Notice: failure to restore your Mailbox now may lead to let you loose some of your incoming messages..

Support Team..

From: New York University [mailto:[removed]]
Sent: Wednesday, June 08, 2016 4:49 PM
Subject: Email Security Alert!

© New York University
Email Security Alert!

Dear user, your mail
*****@nyu.edu was Accessed from a different country of the IP and will be suspended, you need to check this account now. Please LOGIN to check now and confirm your IP.

New York University. All rights reserved.
Designed by The Office of Web Communications © 2016.

From: Library <library@nyu.edu>
Date: Mon, Jun 6, 2016 at 10:07 AM
Subject: Library account
To: [removed]

Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!


To reactivate your account, simply visit the following page and login with your library account.

Login Page:

[link removed]

Best regards,

New York University
library
ITS Project Services
Phone: +1 212-998-3615
Email: library@nyu.edu

From: NYU Admin [mailto:ati211@nyu.edu]
Sent: Tuesday, May 31, 2016 11:24 AM
Subject: Important Message

You have an important secure message from the Student Health Center. Please CLICK HERE to view the message.

New York University

Inline image 1

Tue May 03 13:56:07 2016 auto-shipping@amazon.co.uk <auto-shipping@amazon.com> ]
Subject: Your Amazon.co.uk order has dispatched (#916-3828620-3489535)
Date: Tue, 3 May 2016 13:56:06 -0400 (EDT)
To: [address removed]
From: "Amazon.com" <auto-shipping@amazon.com>

Attachment: .ZIP file containing a Locky ransomware variant!

---------- Forwarded message ----------
From: Henry B Sheeran <henry.sheeran@nyu.edu>
Date: Mon, Apr 18, 2016 at 4:32 PM
Subject: View
To:

I sent you a vital document, Click here to view.

Thanks,
Henry

 

---------- Forwarded message ----------

From: New York University [mailto:{removed}]
Sent: Wednesday, February 03, 2016 2:38 AM
Subject: Email Security alert!

New York University©,
Email Security alert!
Dear Nyu User©,

Your Email *****@nyu.edu was accessed from a different Country IP & will Be suspended,
you need to Verify this account now.
Please Click*Verify Now*and sign in to confirm your IP.

New York University
Copyright © 2015 Mail! Inc

---------- Forwarded message ----------
From: HELP DESK <help.hr.help@mail.ru>
Date: Fri, Feb 26, 2016 at 1:25 PM
Subject: IT Service Help Desk
To: help.hr.help@mail.ru

For Security Purpose, you are advised to Verify your webmail account.
CLICK HERE to get your webmail account verified.
All Rights Reserved.

---------- Forwarded message ----------
From: Library <library@nyu.edu>
Date: Tue, Feb 23, 2016 at 9:07 AM
Subject: Library account
To: [removed]

Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!
To reactivate your account, simply visit the following page and login with your library account.

Login Page:
[phishing link removed]

Best regards,

New York University
library
ITS Project Services
Phone: +1 212-998-3615
Email: library@nyu.edu

---------- Forwarded message ----------
From: New York University - IT Service Desk <deleted>
Date: Friday, February 19, 2016
Subject: Important Notification
To:

 

Your mailbox is almost full and is running out of disk space.

This mailbox is currently 98.87% (2,699.60/3,000.00 MB) full.

To avoid any disruption of services or losing some of your emails from the mail box.

Goto :[deleted]

Login and activate additional 16GB storage now to have your account upgraded to higher quota.

Note: This is an automated server notification to help you keep track of your usage and avoid any down-times, please do not reply directly to this message.

 

---------- Forwarded message ----------
From: nyu.edu <yj738@nyu.edu>
Date: Tue, Feb 16, 2016 at 9:19 AM
Subject: View now !
To:

Hello,

Kindly view this Dropbox document to protect yourself.

Thanks,

 

---------- Forwarded message ----------

From: NYU <deleted>

Date: Thu, Jan 28, 2016 at 11:41 AM

Subject: New NYU Spam Security Check

To:  

Dear User,

IT Services have reviewed the existing security controls in place, in light of a recent increase in fraudulent emails (often referred to as _phishing emails_) received by staff and students.

As part of this review, we have extended the _spam_ checking and filtering service. As well as checking email coming in from outside the University we will also be checking emails sent from within the University.

This should increase our ability to detect fraudulent emails and mark them as spam.

[link deleted]

Note: If you are unable to click the link, please move this email to your inbox .

© Copyright 2016.

---------- Forwarded message ----------
From: "Smith, Judy M" [deleted]
Date: Jan 25, 2016 3:19 PM
Subject: UPDATE
To: [deleted]
Cc:

Your Webmail account Certificate expired on the 30th-01-2016, This may interrupt your email delivery configuration, and account POP settings, page error when sending message.
 
To re-new your webmail Certificate, Please take a second to update your records by link below or copy and paste link; [deleted]
 
account will work as normal after the verification process, and your webmail Certificate will be re-newed.
 
Your security is our priority.
Copyright © 2016 All rights reserved
Division of Information Technology

 

Virus

The examples below are messages received by the Gallatin community. They carry viruses and are designed to trick you into opening the attachment, which will infect your computer and could potentially steal your personal or professional information. If you receive a message like these, please do not open the attachment or click on the links it contains. Always check with Stefanie, Conrad, or Nick if you receive a suspicious message: gallatin.helpdesk@nyu.edu or 212-998-9157.

From: Mulcahy, Jeremy [mailto:jmulcah@ju.edu]
Sent: Tuesday, November 29, 2016 5:19 PM
Subject: Wire transfer copy
 
payment copy is attache

 

---------- Forwarded message ----------

From: Jimmie Montgomery

Date: Wed, Dec 2, 2015 at 6:33 AM

Subject: November Invoice #53733543

To:

Hello ,


Please review the attached copy of your Electronic document.

A paper copy of this document is being mailed, but this email is being sent in addition for your convenience.


Thank you for your business.

 

Malware

Below are examples of web sites which indicate your device is infected with malware. If you see these pages on your Gallatin device please contact the Gallatin Helpdesk at gallatin.helpdesk@nyu.edu or 212-998-9157. For personal devices please contact NYU IT at askit@nyu.edu or 212-998-3333.

Survey malware examples

Survey 2
Survey 1

 

 

 
