!

Phishing Alert: Webmail Upgrade Scam Links to Fake My Pitt Email Login Page

Monday, June 22, 2015 - 16:49

 

Computing Services and Systems Development (CSSD) is aware of a new email phishing scam that claims your pitt.edu account needs to be reset immediately. The email, which purports to come from your webmail administrator, provides a link to a fake Web page designed to look exactly like the My Pitt Email login page for Outlook Web Access. The fraudulent login page is intended to convince you to enter your username and password.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), delete it without replying, opening any attachments, or clicking on any links within the email.

****************************************************************************************

Subject: FW: This is your email administrator

ATTENTION!

Dear User,

This is your webmail administrator. Please,be informed that the email server has just been upgraded and your email johndoe@pitt.edu needs to be reset immediately.

This process is to keep the University of Pittsburgh system server updated and protected as always.

CLICK BELOW TO RESET YOUR EMAIL NOW

-URL Removed

Regards,

University of Pittsburgh.

****************************************************************************************

The link in the email message opens a Web page that looks like the one below. The URL in the address bar reveals that the page is not a legitimate My Pitt Email login page.

Scam

If you received this email and entered your username and password, please change your University Computing Account password immediately. The link in the email message opens a Web page that looks like the one below. The URL in the address bar reveals that the page is not a legitimate My Pitt Email login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers a free version of Malwarebytes for individuals and departments. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.