!

Phishing Alert: Message from University President Scam

Monday, December 12, 2016 - 10:56

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that the user has a new, important message from University of Pittsburgh President Dr. Livingston Alexander. The message contains a PDF attachment with a redirect link to a malicious Web page. Opening the PDF redirects the user redirected to a malicious external site which then attempts to download malware. The email scam appears to originate from the University.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: A Message from University of Pittsburgh President Dr. Livingston Alexander

Dear Members of the PITT Community,

Good Morning,

Here is an important document all staffs has to look at. It's about school updates activities.

Everyone needs to read the important information carefully.

Dr. Livingston Alexander

President, University of Pittsburgh at Bradford

Office of the President

(Signature of Doctor Livingston Alexander - removed)

******************************************************************************

The PDF attachment in the phishing email looks like this (shown below).

Fake PDF Attachment

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics an Office 365 login page and attempts to download malware.

Fake Office 365 page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.