Computing Services and Systems Development (CSSD) is aware of a new email phishing scam claiming that there has been a change in the recipient’s Human Resources status. The email asks readers to click a link and log in to a Web site to identify this change. The fraudulent Web site provided in the link may look legitimate, but it actually allows scammers to steal the employee’s username and password when they log in. Scammers are then able to use these log in credentials to change the employee’s direct deposit information.
We have not yet received reports of Pitt students, faculty, or staff receiving this email scam. If you do receive this message (or any message similar to it), delete it without replying, opening any attachments, or clicking on any links within the email.
CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers a free version of Malwarebytes for individuals and departments. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Please contact the Technology Help Desk at 412 624-HELP  if you have any questions regarding this announcement.