Never send your password in email.
THE TRAP: You receive an urgent email that appears to be from IT Central, Information Technology, or the security/ system/ Web administrator asking you to reply with your password because your account is “compromised” or “over quota” or “suspended due to inactivity.”
YOUR DEFENSE: Organizations you do business with (including The New School) already have your account information and will never ask you to send your password or other sensitive personal information like bank account numbers, credit card numbers, Social Security numbers, driver’s license numbers, health information, or health insurance numbers by email. Note especially that the New School president, the provost, the IT department (including IT Central), and other university departments will never request account information from you in this manner.
Don’t click unexpected links.
THE TRAP: You receive an email that claims to be from IT Central, Information Technology, or the security/ system/ Web administrator. It says that it’s urgent that you click a link to prevent problems with your account. Or you receive an “important document” from someone you know that, when opened, asks you to click a link to view the secure content.
YOUR DEFENSE: Be skeptical about any email that you aren’t expecting if it asks you to click on a link, open a document, or take some other action. Password thieves may insist that immediate action is necessary and may pretend to be a New School authority or another trusted entity. Don’t let these tactics trick you into letting down your guard. The email is most likely part of a scam.
Look out for deceptive links.
THE TRAP: You receive an email telling you to “click here” to verify your account. Or you receive an email with an “important document” attached that, when opened, asks you to “click here” to view the secure content.
YOUR DEFENSE: Hover your mouse cursor over the link (don’t click!) to discover the actual destination URL (it will usually be displayed in the bottom left corner of the window). On mobile devices, press and hold the link (don’t tap!) to get a pop-up showing the actual URL. Don’t click on a link unless it goes to a URL you trust. For example, hover on the URL below. In the left corner you can see that the actual URL is www.NOT-YOUR-BANK.phishing-scam.
Watch out for deceptive “from” lines.
THE TRAP: Email “from” headers include two elements: the sender’s name and the sender’s email address. Gmail displays the name in bold text and the address in regular text, like this: Gnarls Narwhal <email@example.com> (On mobile apps, you may have to tap a “details” or “>” link to view the sender’s email address.) Because forging the email address is harder than forging the name, phishers will often try to trick you by putting the “expected” email address into the name field, like this: Gnarls Narwhal <firstname.lastname@example.org> <email@example.com>
YOUR DEFENSE: Examine “from” lines carefully and be suspicious of emails that include an email address in the name field.
Look for https://sso.newschool.edu/ before entering your NetID and password.
THE TRAP: You are asked to enter your NetID and password into what looks like the standard New School login page.
YOUR DEFENSE: Always check the URL displayed in the browser’s address bar to make sure it starts with https://sso.newschool.edu/. Trusted New School login pages will never include anything phishy before the first single slash. Fraudulent login screens designed to steal your credentials may look authentic if you’re not paying attention to the URL.
Not sure whether its a phish? Drop us a line.
THE TRAP: You receive an email that looks like an official New School email. You’re not sure if it is a phishing attempt.
YOUR DEFENSE: Forward the message to firstname.lastname@example.org or call IT Central at 212.229.5300 xHELP (x4357).