!

Phishing Alert: CourseWeb Notification Scam

Monday, August 1, 2016 - 13:11

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims your CourseWeb access will expire soon unless you click a link to validate your credentials. The link directs readers to a harmful site that attempts to collect their username and password. The email scam usually originates from a non-University email address "on behalf of helpdesk@pitt.edu".

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: CourseWeb Notification

Dear User,

Please be informed that your access to the CourseWeb will expire soon due to an incoming system update.
If you intend to use this service in the close future, you have to validate your credentials urgently, before you lose access.
For this purpose, please follow the instructions in the URL below by logging in once. A successful login will activate your account and you will be redirected to the CourseWeb homepage.

<LINK REMOVED>

If you are unable to log in, please contact the Technology Help Desk at helpdesk@pitt.edu for immediate assistance.
We apologize for any inconvenience caused.

Yours Sincerely,

CourseWeb System Administrator
© University of Pittsburgh
4200 Fifth Ave, Pittsburgh, PA 15260
bblearn@pitt.edu

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the CourseWeb login page and attempts to collect your username and password.

CourseWeb scam

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.